[horde] To: and From: formatting problem

Chris bsd at 1command.com
Wed Mar 1 09:04:39 PST 2006 

Quoting Chris <bsd at 1command.com>:

> Hello, and thank you for your reply.
>
>
> Quoting Chuck Hagenbuch <chuck at horde.org>:
>
>> Quoting Chris <bsd at 1command.com>:
>>
>>> The previous version didn't do this.
>>
>> IMP has done this since version 1.x.
>>
>>> It would appear that this could easily be a security risk - even
>>> greater than that of the last version. As it isn't properly handling
>>> input on the To: and/ or From:. It shouldn't be possible to place
>>> potential operators on these lines. As it provides the ability to
>>> create scripts that can cause undesired manipulation.
>>
>> What on earth are you talking about?
>
> What I am trying to say, is that it places the To:
> (letter T, letter o *and* a colon) *as well* as my email address
[EDIT]
that should read:
(letter T, letter o *and* a colon) *as well* as the email address I
*sent* *it* *to*
eg;  	To:horde at lists.horde.org  	in this case.
I'm sorry. But the *To:* part is the problem I'm trying to convey here. :)
[/EDIT]
> in the
> From column. The previous version didn't do this. It shouldn't be permitted
> to place potential operators (#@!$%^&*()_-+=`~'"?/>.<,) in the From: or To:
> fields. Nor should they be sent or recieved. I'm sure that this is a 
> potential
> risk.
>
> Thanks again for your reply.
>
> --Chris
>
>>
>> -chuck
>>
>> --
>> "we are plastered to the windshield of the bus that is time." - Chris
>> --
>> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>
>
>
> ----------------------------------------------------------------
> FreeBSD 5.5-PRERELEASE MAIL04 Fri Feb 24 16:59:38 PST 2006
> ////////////////////////////////////////////////////////////////
>
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>



----------------------------------------------------------------
FreeBSD 5.5-PRERELEASE MAIL04 Fri Feb 24 16:59:38 PST 2006
////////////////////////////////////////////////////////////////

More information about the horde mailing list