
form security

I'm doing a simple email form, with just three fields, one each for name,
email, and the message body of the email. It goes straight to CDO, and takes
the user to a thank you page.

What kind of damage can I expect to need to protect myself from? I mean, if
there were a database involved, I'd need to protect against SQL injection,
things like that. But in this case, there's no database. I plan to put a
maxlength on the fields, but is there anything else I should beware of, and
if so, what can be done about it?


Jul 19 '05 #1
Well, for one, you might want to protect yourself from being accused of being
a spammer. Is it easy for me to type in anyone's e-mail address?

If you explain the purpose of the form, you might get better answers.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/


Jul 19 '05 #2
Since I don't have the pages on the web yet, I can't show you the finished
product. But if you go to my web site at www.middletree.net, you'll see by
clicking the left links that there are several articles--short bible
studies, really--and I am simply adding a form at the bottom of those pages,
with two text boxes for name and email address, and a textarea for the
message that people would put in some message in paragraph form.

I did this a couple of years ago when I was using FrontPage, but couldn't do
it in ASP because my host was on Unix. Now, I'm on a Windows host, so I can
go back to using the forms.

Yes, I guess anyone can put any email address in there, but often, they will
want me to reply. I guess that I could remove that field and ask people to
put their email addy in the textarea, but I'm not sure that would keep me
from potential spammers.

Jul 19 '05 #3
Oh, see? It wasn't clear to me that the e-mail address they enter was NOT
the one you were planning on sending to, using CDO.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/


Jul 19 '05 #4
Right. I can see where that would be a dumb thing to build into a web page.

Now, back to the OP: (and yes, I looked at aspfaq.com before posting this).
Is there anything I should put in there to catch potentially bad stuff,
since there is no database involved?
Jul 19 '05 #5
None that I can think of, other than ensuring there is a maxlength (e.g. to
avoid buffer overrun attempts).

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/


Jul 19 '05 #6
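Aaron's two points (reply #2: never let the visitor choose who the mail goes to; reply #6: enforce a length limit) as one server-side check, written here as an added Python example rather than the poster's ASP/CDO code. The recipient address, the per-field limits and the sample input are assumptions; the same logic applies to the Request.Form values before they are handed to CDO, since a maxlength attribute in the HTML only constrains a browser, not a scripted submission.

```python
import re

# Assumption: server-side limits mirroring the form's maxlength attributes.
# The browser's maxlength is advisory; a scripted POST can send any length.
MAX_LEN = {"name": 80, "email": 254, "message": 4000}

# Assumption: the site owner's inbox, hard-coded. It is never read from the
# form, so the page cannot be used to send mail to an address of the
# submitter's choosing (reply #2's concern).
RECIPIENT = "owner@example.com"

# Deliberately simple syntax check: one '@', no whitespace, dotted domain part.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def validate_contact_form(fields):
    """Return (ok, errors) for a dict of submitted form values.

    Only the three fields the form defines are looked at; anything else
    the client adds is ignored rather than interpreted."""
    errors = []
    for key, limit in MAX_LEN.items():
        value = fields.get(key)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{key}: required")
            continue
        if len(value) > limit:
            errors.append(f"{key}: longer than {limit} characters")
    name = fields.get("name", "")
    email = fields.get("email", "")
    # name and email are single-line text boxes, so a line break is never
    # legitimate input for them.
    if isinstance(name, str) and ("\r" in name or "\n" in name):
        errors.append("name: must be a single line")
    if isinstance(email, str) and email and not EMAIL_RE.match(email):
        errors.append("email: not a valid address")
    return (not errors, errors)


def build_message(fields):
    """Build the outgoing message as a dict, or return None if validation fails.

    The visitor's address is used only as the reply-to contact; the
    recipient is always the constant above."""
    ok, _errors = validate_contact_form(fields)
    if not ok:
        return None
    return {
        "to": RECIPIENT,
        "reply_to": fields["email"].strip(),
        "subject": "Website contact from " + fields["name"].strip(),
        "body": fields["message"],
    }
```

In the ASP page the dict returned by build_message corresponds to the properties set on the CDO.Message object; a None result means the submission is rejected before any mail is sent.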
thanks, as always.
Jul 19 '05 #7
