Hi,

I have an enquiry form on my site where the user can enter only their own email address and there enquiry. The cgi script already knows by way of ID, where the form is to go.

I have been reading a Perl core language book (little black book) and in it I see that it discusses security of such forms.

Soecifically, it mentions adding '-t oi' like this

/usr/sbin/sendmail -t oi

It also says I should include the line:

ENCTYPE="application/x-www-form-urlencoded" after the action="http etc" line.

Is this still necessary or is there a better way. I'm using perl 5 on unix servers.

Bazz (having read a thread recently by a particular person, I shant add my usual 'thanks' ) :D

Hey bazz,

Well its hard to say somtimes. Alot of servers now a days (well good ones) already include -t oi with there sendmail systems. If you are using SSI to encrypted data you wont need that stuff on the form.

But its always good to try it with it on first. If your server already has it on the script will error and tell you. So its always good to be safe then sorry hehe

(having read a thread recently by a particular person, I shant add my usual 'thanks' )


Which thread is that???? hehe

:D Its in the forum feedback section I think. Probably many pages back coz I was looking back through the history of this board and it appeared. A valid point on occasions - more specifically about peopole saying 'thanks in advance', when they post a question and in some cases it sounds false.

I just hadn't realised it before. :rolleyes:

BTW, since you did reply; thanks!! :thumbsup:

I am delightred to see that someone has taken on board the point I mentioned some time ago.

<rant>

The expression "Thanks in advance" or even worse "TIA", is simply rude, dismissive and bordering on the insolent.

This forum is not some sort of free service which entitles the enquirer to an answer. People voluntarily give up their time to ponder the problem and make an effort to supply a helpful answer - usually to a complete stranger. The enquirer is requesting a favour, not demanding a service. He ought not to so obviously take it for granted.

You only have to write down "Please do me a favour and help me for no reward - thanks in advance" to see how gruesomely rude it sounds. Suppose your boss said "Please let me have a report on this - thanks in advance", I think you would be pretty miffed.

How about "Please help me fix my broken-down car. Thanks in advance". Geddit?
</rant>

Of course if they sound insolent (and I suppose I must have then, a few times), the responder always has the choice not to?
;)

still, I am grateful for all the help you guys give. I try to return the favour but I'm only yet familiar with html and css - and in respect of css, obviously only to a limited degree when I see some of the presentations you guys can churn out. :cool:

bazz

Philip,,, Interesting point.. But what is someone just wants to say thanks,, not matter the consiquence?

I know when I post I say thanks in advance!,, but i really mean thanks if you can help me hehehe...

Then again,, it seems like thats the only thing people do when they post, thanks in advance..... mmm.. kind of like a thing to do,, like saying Hi or goodbye hehe..

Mabye we should make a new Saying for CF,, huh!! hehe

Any ideas??