librelist archives

home // archives //

« back to archive

Header injection detection

Header injection detection

From:
Dan Jacob
Date:
2010-06-01 @ 15:31 
Hi,

Does Lamson provide support for header injection prevention ?

As detailed here :
http://www.nyphp.org/PHundamentals/8_Preventing-Email-Header-Injection

Re: [lamson] Header injection detection

From:
Zed A. Shaw
Date:
2010-06-01 @ 16:38 
On Tue, Jun 01, 2010 at 04:31:18PM +0100, Dan Jacob wrote:
> Hi,
> 
> Does Lamson provide support for header injection prevention ?
> 
> As detailed here :
> http://www.nyphp.org/PHundamentals/8_Preventing-Email-Header-Injection

Hmm, I think it might barf if it wasn't done very correctly, but yeah I
haven't tested for it.  Lamson could probably detect this though, but
it'd do it based simply on whether there's BCC fields with those
addresses.



-- 
Zed A. Shaw
http://zedshaw.com/

Re: [lamson] Header injection detection

From:
Dan Jacob
Date:
2010-06-03 @ 11:49 
OK, I can test for it elsewhere, no problem.

Lamson rocks BTW, thanks for your work.

On 1 June 2010 17:38, Zed A. Shaw <zedshaw@zedshaw.com> wrote:
> On Tue, Jun 01, 2010 at 04:31:18PM +0100, Dan Jacob wrote:
>> Hi,
>>
>> Does Lamson provide support for header injection prevention ?
>>
>> As detailed here :
>> http://www.nyphp.org/PHundamentals/8_Preventing-Email-Header-Injection
>
> Hmm, I think it might barf if it wasn't done very correctly, but yeah I
> haven't tested for it.  Lamson could probably detect this though, but
> it'd do it based simply on whether there's BCC fields with those
> addresses.
>
>
>
> --
> Zed A. Shaw
> http://zedshaw.com/
>

Archives based on code by Armin Ronacher //