RE: [SLUG] mailform.cgi needs a little security

Mon, 29 May 2000 18:36:17 -0700 

It would be better to have the passcode on both really as I don't want
people adding other people to the list too.

I was thinking more of a page which has the users details, an Option box for
"Add" and one for "Remove" , a text box for the code.

If the user clicks the "Add" and then submits, the CGI detects there's no
code so it emails them one and refreshes the screen with a message added
saying that they have been emailed the code and to resubmit with the code.
Then they add the code into the text field and submit it again, the CGI will
see the code,check the coded file,confirm and then send the email off and
update screen with a "Successful subscription" page....

Sounds great but I'm not crash hot in perl... like I said, have the theory
but not the code, just partial....

thanks,
George Vieira
Network Administrator
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au



-----Original Message-----
From: Jeff Waugh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 30 May 2000 10:57 AM
To: List - slug
Subject: Re: [SLUG] mailform.cgi needs a little security


> What I thought was to create a form which when submitted would email the
> subscriber a $$ number and writes this to a subscriber.$$ file with the
> email address in it. When the user receives the email, they reply to
> acknowledge the subscription, either added or removed.


Can I make it easier for you? :)

Write up an extra removal confirmation section, be it in this CGI or
another, that takes the passcode.

Workflow like this:

WWW
 |
 +-- Subscribe --> add to list
 |
 +-- Unsubscribe --> send passcode via email, remember it in DB,
      |              redirect to 'enter your confirmation passcode' page
      |
      +-- Confirmation page (passcode okay?) --> remove from list


That way you don't have to fiddle around with email gateways, etc., and the
user can stay on the confirmation page while they wait for the email. Done
it myself, and seen it all over the place with web-based subscription forms
too.


- Jeff


-- [EMAIL PROTECTED] -------------------------------------------------

   w: http://advogato.org/person/jdub/
   i: 16341281 (jdub!)
   q: "She said she loved my mind, though by most accounts I had
       already lost it."



--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to [EMAIL PROTECTED] with
unsubscribe in the text
--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to [EMAIL PROTECTED] with
unsubscribe in the text

Reply via email to