Re: Re: Use placeholders. For SECURITY!


XP is just a number
	PerlMonks

Re: Re: Use placeholders. For SECURITY!

by jdtoronto (Prior)

on Nov 14, 2003 at 15:00 UTC ( [id://307060]=note: print w/replies, xml )

Need Help??

in reply to Re: Use placeholders. For SECURITY!
in thread Use placeholders. For SECURITY!

And I can tell you of a number of large systems which are web based that have a problem with that! In one case I know of you put an apostrophe in an email address and the Carp output will then give you a clue to the 'backdoor' super-user type access into the system without having to authenticate.

All for the sake of the most simple untainting. Whether it is a valid email address or not - an apostrophe is not permitted in an email address! Fortunately the data on the system is not extremely valuable. It is an email autoresponder system which handles a lot of marketting email. But then again I did wonder how an address of mine that was in somebody's newsletter list suddenly started getting spam. I suspect the spammers have been in through the back door and downloaded all the lists out of the system.

jdtoronto

Comment on Re: Re: Use placeholders. For SECURITY!

Replies are listed 'Best First'.
Re: Use placeholders. For SECURITY! by Abigail-II (Bishop) on Nov 14, 2003 at 15:49 UTC
an apostrophe is not permitted in an email address! It is: `"'"@example.com` is valid syntax. Abigail	[reply]

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://307060]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others surveying the Monastery: (5)

As of 2024-04-24 12:54 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found