
Mailer

#11, 10-26-2006, Shelly, Re: Mailer


"Rik" <luiheidsgoeroe@hotmail.com> wrote in message
news:5cd4a$45402d85$8259c69c$11663@news2.tudelft.n l...
> Shelly wrote:
>> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>>
>>> "When this button is pressed, I want the user's default email
>>> program.."
>>>
>>> To send email from the user's email program, you will need to
>>> expose the client's email to the spambots. You do NOT want to do
>>> this.
>>
>> How is that so? When the button is pressed, I would find the email
>> from a database and then open the email program. Is it in the
>> passing from the current form to the email client that is the leak?
>
> Well, a *then* I will find the email address is not true. If you want this,
> you'll have to look it up earlier, and have it within your HTML/possibly JS
> code.
>
> Jerry is mainly concerned (as am I), that people giving their email address
> to one party, agreeing to be mailed by them, will not have to worry about
> their email address being harvested from the source, or from a mail to
> others. So, tell us this is on a really secure backend for your client,
> which is impossible to access by any other than that client.
>
>> Anyway, I implemented a form and used mail().
>
> Good choice, and make sure that form is not in any way publicly available.
> --
> Rik Wasmus


The form is protected. When the admin logs in, I check his password and
privileges. I set a session variable for his username. At the top of each
admin page, I check that username for his privileges. If not met, I leave
that page and divert to a neutral home login page available for all users.
These admin pages are in a separate directory. I could set a session
variable for his privilege as well, but instead I check the database each
time.

Any additional suggestions?

Shelly


#12, 10-27-2006, Jerry Stuckle, Re: Mailer

Shelly wrote:
> "Rik" <luiheidsgoeroe@hotmail.com> wrote in message
> news:5cd4a$45402d85$8259c69c$11663@news2.tudelft.n l...
>
>>Shelly wrote:
>>
>>>"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>>>
>>>
>>>>"When this button is pressed, I want the user's default email
>>>>program.."
>>>>
>>>>To send email from the user's email program, you will need to
>>>>expose the client's email to the spambots. You do NOT want to do
>>>>this.
>>>
>>>How is that so? When the button is pressed, I would find the email
>>>from a database and then open the email program. Is it in the
>>>passing from the current form to the email client that is the leak?
>>
>>Well, a *then* I will find the email address is not true. If you want this,
>>you'll have to look it up earlier, and have it within your HTML/possibly JS
>>code.
>>
>>Jerry is mainly concerned (as am I), that people giving their email address
>>to one party, agreeing to be mailed by them, will not have to worry about
>>their email address being harvested from the source, or from a mail to
>>others. So, tell us this is on a really secure backend for your client,
>>which is impossible to access by any other than that client.
>>
>>
>>>Anyway, I implemented a form and used mail().
>>
>>Good choice, and make sure that form is not in any way publicly available.
>>--
>>Rik Wasmus
>
>
> The form is protected. When the admin logs in, I check his password and
> privileges. I set a session variable for his username. At the top of each
> admin page, I check that username for his privileges. If not met, I leave
> that page and divert to a neutral home login page available for all users.
> These admin pages are in a separate directory. I could set a session
> variable for his privilege as well, but instead I check the database each
> time.
>
> Any additional suggestions?
>
> Shelly
>
>


Well, first of all, you didn't clarify this is an admin page. If it's a
public page I can easily intercept the email address and spam the hell
out of your users. On an admin form it's a little harder. Virtually
impossible if you use SSL on an admin page. But also if you use an
email form and never send the email address to the user in the first place.



--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
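
The setup discussed in this thread (a per-request privilege check against the database, and a mail form that never sends the recipient's address to the browser), as an added example that is not code from any poster. The table and column names, the `/login.php` path, the function names and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Privilege is re-read from the database on every request, as in the post.
function is_admin(PDO $db, ?string $username): bool
{
    if ($username === null || $username === '') {
        return false;
    }
    $st = $db->prepare('SELECT is_admin FROM users WHERE username = ?');
    $st->execute([$username]);
    return (int) $st->fetchColumn() === 1;
}

// Call at the top of each admin page, after session_start().
function require_admin(PDO $db): void
{
    if (!is_admin($db, $_SESSION['username'] ?? null)) {
        header('Location: /login.php'); // hypothetical login page
        exit; // without this the rest of the admin page still executes
    }
}

// The form posts only a member id; the address is looked up here and is
// never written into the HTML, JS or response.
function send_to_member(PDO $db, int $id, string $subject, string $body, callable $send): bool
{
    $st = $db->prepare('SELECT email FROM members WHERE id = ?');
    $st->execute([$id]);
    $email = $st->fetchColumn();
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $subject = trim(str_replace(["\r", "\n"], ' ', $subject)); // no injected headers
    return (bool) $send($email, $subject, $body);
}

// Constructed demo data (in-memory SQLite); $send would be 'mail' in production.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (username TEXT, is_admin INTEGER)');
$db->exec('CREATE TABLE members (id INTEGER, email TEXT)');
$db->exec("INSERT INTO users VALUES ('shelly', 1), ('guest', 0)");
$db->exec("INSERT INTO members VALUES (7, 'member@example.org')");
$log = function (string $to, string $subject, string $body): bool {
    echo "would send to member, subject: $subject\n";
    return true;
};
var_dump(is_admin($db, 'shelly'), is_admin($db, 'guest'));
var_dump(send_to_member($db, 7, "Hello\r\nBcc: x@example.org", 'Body', $log));
```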