Marty Landman <[EMAIL PROTECTED]> writes:
> Besides the problem of breaking things that work, isn't this also a
> potential security issue?
Yes. Broken scripts can break.
Checking against hostname has never been exceptionally secure.
> It includes a provision for hard coding the domain it is installed
> to, which the script compares at run time against the
> $ENV{HTTP_REFERER}. If these don't match the email won't be sent.
You realize that someone could just send a different referer header?
--
Alan Shutko <[EMAIL PROTECTED]> - I am the rocks.
You read fiction novels? I read fiction on the nets.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
