Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Form query
December 5, 2004, 5:55 pm
rate this thread
// for ultimate security, use this instead of using the form
$recipient = "email@example.com"; // firstname.lastname@example.org
Can someone please explain this entry.
Placing my address in there enables the form to be accepted and sent to me.
Without an address in there the form is rejected at the input stage with an
error response implying that there is no recipient address.
However the use of the word "instead" implies that an email address is
optional here and that there is an alternative that works. What is it?
Is there perhaps an entry missing in the form HTML that could serve as an
If I include the line '<input type="hidden" name="recipient" value="and
place my email address here"> the form is rejected.
Any clarification would be appreciated
Re: Form query
That's the least of the problems.
Allowing the e-mail form submitter to specify the recipient -- and even
with 'hidden' input, they can -- is opening the door wide to the form
and the web server that handles it being abused by spammers to send spam
to _anyone they want to_, not just you. It is trivial to write a script
that submits such a form over and over again, specifying a different
recipient each time.
Keep your e-mail address in the script. It's not there to save you from
getting spammed: it's there to save your form from being the source of
spam for others.
"May she also say with just pride:
I have done the State some service."
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — The site's Newest Thread. Posted in » Secure Shell Forum