--- Tim Makins <[EMAIL PROTECTED]> wrote:
> Hi James - you seem to be talking about email-address checking from a > security point of view. I'd be interested to know the security implications > of someone submitting an un-checked email to, say, a members database. What > trouble could a malicious person cause in this way? > > Tim in Ireland I would imagine that illegal characters in an email address would be a much more dangerous problem in Perl than PHP since many programs send email by calling a system command. For example, if an email caontained a semicolon followed by a Unix/Linux command, it might be executed from a Perl program with the user account running the Perl program if the email value is not being checked. PHP security problems I have actually seen are cases where a user input is used to determine a filename to be used in an include() or require() statement. Any time you have to use a system(), exec(), passthru() or backtick operator which runs a system command you must be especially careful if user input is part of the command being run. The question about email validation came up, so I posted my opinion. We do seem to be drifting from the original topic of PHP vs Javascript for HTML forms. James _____ James D. Keeline http://www.Keeline.com http://www.Keeline.com/articles http://Stratemeyer.org http://www.Keeline.com/TSCollection http://www.ITeachPHP.com -- Free Computer Classes: Linux, PHP, etc. Fall Semester Begins Sep 7 -- New Classes Start Every Few Weeks. ------------------------ Yahoo! Groups Sponsor --------------------~--> Most low income households are not online. Help bridge the digital divide today! http://us.click.yahoo.com/cd_AJB/QnQLAA/TtwFAA/HKFolB/TM --------------------------------------------------------------------~-> Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
