[NCLUG] html form to email cgi advice

Stephen Warren swarren at wwwdotorg.org
Mon Feb 13 12:22:47 MST 2012


On 02/13/2012 09:07 AM, Gabriel L. Somlo wrote:
> Hi,
> 
> I'm trying to set up a couple of html forms that would generate emails
> when submitted. Ability to "attach" files (via html type="file" input)
> would be a huge plus.

A word of advice here: Think very carefully about security. You need to
do one/both of:

a) Restrict the "to" address so it can only send email to a single
specific email address that the web user can't override.

b) If that'll break your use-case, password-protect access to the form
(e.g. Apache .htaccess) so that only specific trusted users can access
the form.

If you don't do that, spammers will find the form (especially if you use
off-the-shelf common software to implement it) and turn your machine
into a spam proxy.

In case (a) certainly and possibly (b) too depending on your user-base,
you also want some kind of anti-spam software integrated into the form,
or in the mail server receiving from the form, so that people can't spam
the designated recipient address.
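
An added illustration of option (a), not part of the original message or of any particular form-mail package: a minimal Python message builder in which the recipient is a server-side constant, and submitted fields containing line breaks are rejected so they cannot add headers of their own. The addresses, field names and length limits are assumptions.

```python
from email.message import EmailMessage

# Assumptions: placeholder addresses, set in server-side code only.
FIXED_RECIPIENT = "forms@example.org"
FORM_SENDER = "webform@example.org"
MAX_BODY = 10_000


class RejectedSubmission(ValueError):
    """Raised when a submitted field could alter who receives the mail."""


def _one_line(value, limit):
    # A CR or LF inside a header field would let the submitter append
    # headers of their own (Bcc:, Cc:), overriding the fixed recipient.
    if "\r" in value or "\n" in value:
        raise RejectedSubmission("line break in header field")
    value = value.strip()
    if not value or len(value) > limit:
        raise RejectedSubmission("empty or over-long header field")
    return value


def build_message(form):
    """Build the mail from a dict of submitted form fields.

    Any 'to', 'cc' or 'bcc' key in the form is never read.
    """
    subject = _one_line(form.get("subject", ""), 200)
    reply_to = _one_line(form.get("email", ""), 254)
    # Accept one bare address only, not a list of addresses.
    if reply_to.count("@") != 1 or any(c in reply_to for c in " ,;<>"):
        raise RejectedSubmission("reply address must be a single address")
    body = form.get("message", "")
    if len(body) > MAX_BODY:
        raise RejectedSubmission("message too long")

    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["To"] = FIXED_RECIPIENT
    msg["Reply-To"] = reply_to
    msg["Subject"] = "[web form] " + subject
    msg.set_content(body)
    return msg


def envelope_recipients():
    # Pass this list explicitly to the MTA (e.g. as to_addrs) rather than
    # letting the recipients be derived from the message headers.
    return [FIXED_RECIPIENT]
```

Rate limiting and spam filtering for the fixed recipient still have to be handled separately, in the form or in the receiving mail server.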


