Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nms-formmail and security



 Thanks for the comments. 
I am using the latest secure version.  It doesn't use the recipients address 
as a CGI parameter.  I plan to change the name of the script from formmail 
to some other name in case someone is searching for the name. 
Jay 

On Dec 13, 2007 4:48 AM, Tom Metro <[hidden email]> wrote: 

> James Kramer wrote: 
> > Is nms-formmail secure? 
> 
> Didn't the original version of this script accept the recipient address 
> as a CGI parameter? That's a security hole in the sense that it turns 
> your web server into an open mail relay. I'd avoid using any script that 
> supports such functionality. 
> 
>  -Tom 
> 
> -- 
> Tom Metro 
> Venture Logic, Newton, MA, USA 
> "Enterprise solutions through open source." 
> Professional Profile: http://tmetro.venturelogic.com/
> 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org