[sork] Increase the forward security?
Sébastien CORBEAU
scorbeau at improve.fr
Mon May 12 12:21:38 PDT 2003
Hi *,
I use imp in a production system with turba, passwd and vacation.
I'm paranoiac and I hesitate to add the forward module due to a security reason:
I can enter "cat /etc/passwd" in the .forward :(
In the Driver.php file, the email validity is checked in the _make_email_address
function with Mail_RFC822::parseAddressList.
Did you plan to change this? I'm not a developper but I found a function which
block bad adress http://www.cgsa.net/php/?script=mail
I don't want to check the validity of the email (dns, mx...) but that the user
doesn't enter something dangerous (rm -rf / :)).
Thanks,
seb
More information about the sork
mailing list