[Mimedefang] OT: Email web form exploits
David F. Skoll
dfs at roaringpenguin.com
Wed Sep 7 10:27:55 EDT 2005
WBrown at e1b.org wrote:
> Isn't that called input validation and something that should be done
> anyways?
True. But some input validation is a bit aggressive. How many broken
Web forms out there don't permit "+" in an e-mail address? And my
colleague, Dave O'Neill, can tell lots of horror stories about how his
name is mangled by aggressive-but-incorrect SQL-injection
countermeasures. :-(
Regards,
David.
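
The contrast drawn in the message above, as an added example that is not part of the original post: stripping "dangerous" characters mangles legitimate input, while bound query parameters store it unchanged. The function names, the `contacts` table, the permissive address pattern and the sample values are assumptions constructed for illustration.

```python
import re
import sqlite3

# Deliberately permissive address check (an assumption of this example, not a
# full RFC 5322 parser): exactly one "@", a dot in the domain, and no
# whitespace or control characters. "+" and "'" in the local part are accepted.
ADDRESS_RE = re.compile(
    r"[^@\s\x00-\x1f\x7f]+@[^@\s\x00-\x1f\x7f]+\.[^@\s\x00-\x1f\x7f]+"
)


def acceptable_address(addr):
    return len(addr) <= 254 and ADDRESS_RE.fullmatch(addr) is not None


def aggressive_clean(value):
    """The aggressive-but-incorrect approach: delete characters that look risky."""
    return re.sub(r"['\"+;-]", "", value)


def store_contact(db, name, email):
    """Store values unmodified; bound parameters keep data out of the SQL text."""
    if not acceptable_address(email):
        raise ValueError("rejected address")
    db.execute("INSERT INTO contacts (name, email) VALUES (?, ?)", (name, email))


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (name TEXT, email TEXT)")
    # Constructed sample input.
    name, email = "Dave O'Neill", "dave+lists@example.com"
    store_contact(db, name, email)
    stored = db.execute("SELECT name, email FROM contacts").fetchone()
    mangled = (aggressive_clean(name), aggressive_clean(email))
    return stored, mangled


if __name__ == "__main__":
    print(demo())
```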