[nycphp-talk] worm/virus's hammering feedback scripts?

David Mintz dmintz at davidmintz.org
Wed Sep 14 11:20:13 EDT 2005


On Wed, 14 Sep 2005, Hans Zaunere wrote:
> >
> > So it would seem if you ventured past the parts of the JavaMail API
> > which allow you to use Strings, instead of creating InternetAddress
> > objects and hardcoding the subject, you would be "safe" from the
> > exploit, but you should double check any methods that you are using
> > that expect Strings.
>
> Good point - looks like justification for a wrapper class for the mail()
> function in PHP.
>
> We're working on getting a Phundamentals article online covering the
> discussion over the last couple of days.  Thanks Roland and everyone for
> their feedback and discussion.

And that class would sanitize message headers only, or the body as well? I
am still unclear whether evil stuff in the body can spawn a completely new
message.

---
David Mintz
http://davidmintz.org/
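
One way to write the wrapper class for mail() suggested in the quoted reply, as an added example that is not part of the original message or of PHP itself. The class name SafeMail and its methods are hypothetical, the addresses are constructed, and PHP 7.1+ is assumed; it guards only the values that land in the header block and passes the body through unchanged.

```php
<?php
// Added example: hypothetical wrapper around PHP's mail(), not code from the thread.
final class SafeMail
{
    /** Reject any value that could end a header line early. */
    private static function headerValue(string $value, string $field): string
    {
        if (preg_match('/[\r\n\0]/', $value)) {
            throw new InvalidArgumentException("$field contains a line break or NUL");
        }
        return trim($value);
    }

    /** Accept exactly one bare address; "Name <addr>" forms and lists are refused. */
    private static function address(string $value, string $field): string
    {
        $value = self::headerValue($value, $field);
        if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException("$field is not a single e-mail address");
        }
        return $value;
    }

    /** Validate everything that becomes a header; returns the arguments for mail(). */
    public static function prepare(string $to, string $from, string $subject, string $body): array
    {
        $to      = self::address($to, 'To');
        $from    = self::address($from, 'From');
        $subject = self::headerValue($subject, 'Subject');
        // The body is passed through as-is: this example guards header fields only.
        return [$to, $subject, $body, "From: $from"];
    }

    public static function send(string $to, string $from, string $subject, string $body): bool
    {
        return mail(...self::prepare($to, $from, $subject, $body));
    }
}

// Constructed form input: the second subject carries an extra header line.
foreach (['Feedback', "Feedback\r\nBcc: third-party@example.org"] as $subject) {
    try {
        SafeMail::prepare('webmaster@example.com', 'visitor@example.net', $subject, "Hi\nthere");
        echo json_encode($subject), ": accepted\n";
    } catch (InvalidArgumentException $e) {
        echo json_encode($subject), ": rejected ({$e->getMessage()})\n";
    }
}
```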


