Marty Landman <[EMAIL PROTECTED]> writes:
>>* Hardcode multiple addresses in the script, and have a token in the
>> form specify which address to mail to. For example, if the form
>> says address=FOO, you look it up $addresses[FOO] to get
>> "[EMAIL PROTECTED]".
> What's the advantage here
At 05:31 PM 3/5/2004, Alan Shutko wrote:
You'll have to stop getting the email address from the form.
Ok, that sounds like a good idea. What I'm working on with this new release
is a web installer, so putting the recipient address in the code isn't a
problem. I do think it would be more proper t
Marty Landman <[EMAIL PROTECTED]> writes:
> Alan, I'm working on a rewrite now and am concerned with properly
> doing things. Could you please advise on how to best prevent this type
> of exploit, given that a check of referer against a hard-coded
> hostname is not so good?
You'll have to stop ge
At 04:10 PM 3/5/2004, Alan Shutko wrote:
Checking against hostname has never been exceptionally secure.
You realize that someone could just send a different referer header?
Alan, I'm working on a rewrite now and am concerned with properly doing
things. Could you please advise on how to best prev
On Fri, Mar 05, 2004 at 03:16:34PM -0600, Alan Shutko wrote:
> This is really a fairly common setup. As I mentioned, Windows and Mac
> don't generally really care what the hostname associated with their IP
> is. Few applications care. So DHCP servers just hand out IPs, and
Not true for Windows.
At 04:10 PM 3/5/2004, Alan Shutko wrote:
Checking against hostname has never been exceptionally secure.
You realize that someone could just send a different referer header?
Alan, I'm working on a rewrite now and am concerned with properly doing
things. Could you please advise on how to best prev
John Schmidt <[EMAIL PROTECTED]> writes:
> I am using dhcp3-client to pull the ip number and other assorted
> information. However, I can't get a hostname returned from the dhcp
> server.
It may not be sending one, since most clients don't care what their
hostname is. Use a script to use the "h
Marty Landman <[EMAIL PROTECTED]> writes:
> Besides the problem of breaking things that work, isn't this also a
> potential security issue?
Yes. Broken scripts can break.
Checking against hostname has never been exceptionally secure.
> It includes a provision for hard coding the domain it i
At 12:13 PM 3/5/2004, John Schmidt wrote:
Unfortunately, it is not my decision to make. If it were, I would not have
the dhcp server assign hostnames.
Besides the problem of breaking things that work, isn't this also a
potential security issue? For instance I offer a free formmailer script
that
On Friday 05 March 2004 09:00 am, Jonathan Schmitt wrote:
> >My university is switching everyone over from a static ip to one assigned
> > via dhcp. In addition, they are specifying the hostname for each of
> > these addresses. Unfortunately, we don't get an option to choose a
> > hostname. It s
John Schmidt wrote:
Hi,
My university is switching everyone over from a static ip to one assigned via
dhcp. In addition, they are specifying the hostname for each of these
addresses. Unfortunately, we don't get an option to choose a hostname. It
seems that the current mechanism within Debia
>My university is switching everyone over from a static ip to one assigned via
>dhcp. In addition, they are specifying the hostname for each of these
>addresses. Unfortunately, we don't get an option to choose a hostname. It
>seems that the current mechanism within Debian is to specify a hos
12 matches