Re: [mv] Contact Us/ Multiple FeedBack Pages/Multiple Email Addresses
Hello,
I got it working. I modified the feedback pages. Also I added a
variable in catalog.cfg called EMAILSEND. Set this variable to 'Karl'. Just
like Order_To is 'Minivend', EMAILSEND is 'Karl', so instead of __Order_To__
in the second feedback file I changed it to __EMAILSEND__. The program
somewhere else attaches the @rest.of.address to the prefix. It now works great.
Thanks
Karl
On Wed, 01 Dec 1999, you wrote:
> ****** message to minivend-users from Larry Leszczynski <larryl@furph.com> ******
>
> Hi All -
>
> jojo's approach to solving the feedback form problem is good, but in
> the interest of security...
>
> > <FORM ACTION="http://__SERVER_NAME____CGI_URL__/postout?[data session id]"
> > METHOD="POST">
> > [L]Subject[/L] : <SELECT NAME="subject">
> > <OPTION VALUE="Hello world!"> Hello World!
> > <OPTION VALUE="Hello Karl!"> Hello Karl!
> > </SELECT>
> > [L]Message[/L] :
> > <TEXTAREA name="MESSAGE" cols=60 rows=20>[value MESSAGE]</TEXTAREA>
> vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
> > <input type="hidden" Name="emailto" VALUE="kswisher@iolinc.net">
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Please don't do this!
>
> > <input type="submit" Name=mv_todo VALUE="Senden">
> > </FORM>
>
>
> It's a "Bad Idea (tm)" to put mailto or similar values as hidden form
> variables. Anyone can save the form from their browser to a local file,
> edit the mailto address, and submit the form from that local copy. That
> means they can use your mail server to send email anonymously to anyone
> else, and it will look like it came from you or your company. (There is a
> well known case of an MIT script that was set up this way - another web
> site linked to that CGI program and set up their own anonymous emailing
> service which they offered to the public.)
>
> It would be much better to have the postout script itself determine the
> mailto address based on the Subject selection, or based on another select
> list of "To" destinations like "Sales", "Support", etc.
>
> (Not specifically a MiniVend topic I know, but there's been talk of credit
> card number security recently and it's important to think about all
> aspects of security...)
>
>
> Larry Leszczynski
> larryl@furph.com
> --
> furph, Inc. WWW/Unix/Windows Solutions 734-513-7763 (voice)
> info@furph.com http://www.furph.com 734-513-7759 (FAX)
>
> -
> To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
> Archive of past messages: http://www.minivend.com/minivend/minivend-list
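The fix Larry describes (let the server-side script pick the recipient from a fixed set of destinations, never from a hidden field) is shown below as an added example. It is not code from this thread or from MiniVend, and it is written in Python rather than as the Perl CGI the list discusses; the `department` form field, the `RECIPIENTS` table and the example.invalid addresses are constructed assumptions. It puts the "hidden emailto" pattern next to the allowlist version and also refuses CR/LF in header fields, so a form value cannot smuggle in an extra `Bcc:` line.

```python
"""Server-side recipient selection for a web feedback form.

Added example, not code from the original thread or from MiniVend.
Department names, addresses and form field names are assumptions
constructed for illustration.
"""
from email.message import EmailMessage

# Assumed server-side allowlist: the ONLY addresses this form can ever mail.
RECIPIENTS = {
    "sales": "sales@example.invalid",
    "support": "support@example.invalid",
}


def vulnerable_recipient(form):
    """The pattern criticised in the thread: trust a hidden 'emailto' field.

    Anyone who saves the form, edits the hidden value and resubmits it
    decides where the mail goes, turning the script into an open relay.
    """
    return form.get("emailto")


def hardened_recipient(form):
    """Resolve the recipient from a 'department' selection via RECIPIENTS.

    Any 'emailto' the client sends is ignored entirely; a department that
    is not in the table is rejected rather than mailed.
    """
    key = (form.get("department") or "").strip().lower()
    try:
        return RECIPIENTS[key]
    except KeyError:
        raise ValueError(f"unknown department: {key!r}")


def accepts(form):
    """True if the hardened resolver would deliver this submission."""
    try:
        hardened_recipient(form)
        return True
    except ValueError:
        return False


def header_safe(value, limit=200):
    """Reject CR/LF so a form field cannot inject extra mail headers
    (for example a second 'Bcc:' line) into the generated message."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header field")
    return value[:limit]


def build_message(form, sender="feedback-form@example.invalid"):
    """Build the outgoing message; From and To are never client-controlled."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = hardened_recipient(form)
    msg["Subject"] = header_safe(form.get("subject", "(no subject)"))
    # Let the submitter be answered without letting them choose From/To.
    msg["Reply-To"] = header_safe(form.get("email", "")) or sender
    msg.set_content(form.get("message", ""))
    return msg


if __name__ == "__main__":
    # Constructed submissions: one honest, one from an edited local copy
    # of the form that tries to point the hidden field at a third party.
    legit = {"department": "support", "subject": "Hello", "message": "Hi"}
    tampered = {"department": "support", "emailto": "victim@example.invalid",
                "subject": "unsolicited", "message": "..."}
    print("vulnerable ->", vulnerable_recipient(tampered))
    print("hardened   ->", hardened_recipient(tampered))
    print("unknown department accepted?", accepts({"department": "ceo"}))
    print(build_message(legit))
```

With the table on the server, a tampered `emailto` changes nothing, and a `department` value outside the table is an error rather than a delivery. The same `RECIPIENTS` lookup is where a per-subject mapping (Larry's first suggestion) would go: key the table on the `subject` option values instead of a department name.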