 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / May 2006how to mail a form in JSP
hi this is ravin. i m a last year IT student and i am doing my project at a govt. organization. i have to do one thing in my project that: > there is a feedback form which is to be filled by any user. > it is having four fields. 1) name 2) tel.no 3) e-mail address 4) comments > i simply have to mail this fields to the org.'s mail address when user hits submit button. there is nothing to do with this fields. please send releated help as early as possible. Hi, Have a look at javamail API. it migth help you How about a simple example? I googled this up in about two minutes using keywords {jsp mailto form} and it was the fourth hit. http://www.peostri.army.mil/BAA/comments.jsp > hi this is ravin. i m a last year IT student and i am doing my project > at a govt. organization. i have to do one thing in my project that: [quoted text clipped - 7 lines] > > please send releated help as early as possible. > How about a simple example? I googled this up in about two minutes > using keywords {jsp mailto form} and it was the fourth hit. [quoted text clipped - 12 lines] > > > > please send releated help as early as possible. Well that example doesnt really show much, except the html for sending the email, but I noticed a single thing about that example that you should _never_ _ever_ do....the "to" email is a hidden field in the form, and if your code just accepts that email "as-is", you open yourself to all kinds of problems. Instead if your form as different possible mail-to options, have the form submit a value like "1" and then select the appropriate email from an array or something. Just thought I'd share this thought. /Steen >> How about a simple example? I googled this up in about two minutes >> using keywords {jsp mailto form} and it was the fourth hit. [quoted text clipped - 22 lines] > > /Steen Another classic web email form of attack: If the mail form code just blindly puts the body as typed in by the user as the body of the email, it can be vulnerable: a naughty person could something like the following in the body field: Bcc: someaddress@somewhere .. and in some circumstances, because this looks like a header, it can be interpreted as a header by the mail agent, if it's the first thing in the body. > Another classic web email form of attack: > If the mail form code just blindly puts the body as typed in by the user [quoted text clipped - 6 lines] > be interpreted as a header by the mail agent, if it's the first thing in > the body. Interesting. I thought you needed a blank line between the header and the body of an e-mail (assuming SMTP anyway), otherwise the SMTP server would reject the e-mail as being invalid. So if your code were indeed vulnerable to this attack, I'd imagine you'd find out very soon (the first e-mail which doesn't start with a blank line and can't be interpreted as a header would fail). - Oliver Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.