More on Form Security

Elizabeth H. Hamilton hamilte at one.net
Tue Jan 6 14:04:24 EST 1998


I think I found the answer to my first question. The form I spoke of in my
earlier post "Form Security" would not be secure because what would keep a
user from using another form to call my script!? In their form, they could
"hardcode" metachracters into the place where I would have put the email
addresses!

Apparently the only secure route is to check all input on that field
for metacharacters. Let me dust off my Perl regexes and get to work! 

Back to the drawing board! ;-)

Thanks again!

Liz

------------------
Elizabeth Hamilton, 
Web Developer                     
hamilte at one.net
elizabeth.hamilton at uc.edu



More information about the Web4lib mailing list