httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank Jones" <jones...@gmail.com>
Subject Re: Sending email from an Apache content generator
Date Thu, 31 May 2007 17:21:41 GMT
On 5/31/07, Nick Kew <nick@webthing.com> wrote:
> On Thu, 31 May 2007 10:01:06 -0500
> "Frank Jones" <jonesf11@gmail.com> wrote:
>
>
> > I should add some details. First, this is a pre-existing module in C,
> > not new development. I need to look up a value in a database and then
> > send a standard response email.
>
> OK.  Well, a few bulletpoints to improve security in what you wrote:
>  * Don't call "mail".  Always call external programs by their full path.
>  * But make that path configurable by the sysop.
>  * Set up your process environment explicitly before forking a process.

Thanks again. Having looked around a bit, it looks like I can avoid
calling out to another program by using libESMTP[1]. Apparently this
library can produce SIGPIPE if the mail server drops the connection or
something, so I should probably still fork before I call it, but I
wouldn't need to worry about my environment, right?


[1] http://www.stafford.uklinux.net/libesmtp/

Mime
View raw message