-
Sep 9, 2009, 01:46 #1
- Join Date
- Aug 2004
- Location
- Taunton, UK
- Posts
- 787
If using phpMailer - do I need additional security checks?
I have decided to replace all my mail functionality in my site with phpMailer as I have read that this will protect me from the likes of mail injection.
I just wanted to confirm what protection this will offer me and what additional security checks I should include in my form handling?
Thanks
Paul
Mediakitchen Limited
App Development | Website Design & Development | Flash Game Development
Somerset, UK
http://www.mediakitchen.co.uk
-
Sep 10, 2009, 19:57 #2
- Join Date
- Jul 2009
- Location
- New Zealand
- Posts
- 327
You won't need to do any more 'security' checks on the input heading for phpMailer - however you will need to do all your standard validation checks to help out the usability of the form.
If the inputs are simply headed to the email, phpMailer has you sorted. If you're doing any other code with them - you'll need to make sure you're handling them well yourself.
phpMailer won't do things like remove unwanted html. So if a user wanted to, they could include html into their form submissions, and if you weren't stripping it then it may make it through to your html email. That's not so much security, as validation however.
Last edited by Mal Curtis; Sep 10, 2009 at 19:58. Reason: I can't spells good.
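The form-side handling discussed in the reply above, as an added example that is not part of the original thread: it validates the submitted fields and escapes them before they are placed in an HTML message body. The function names and the field names (`name`, `email`, `message`) are hypothetical, and the sample submission is constructed.

```php
<?php
// Added example: checks done in the form handler before values reach the mailer.
// Function and field names are hypothetical, not taken from the thread.

function validate_contact_form(array $post): array
{
    $errors  = [];
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));

    // Single-line fields should never contain line breaks.
    foreach (['name' => $name, 'email' => $email] as $field => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $errors[$field] = 'Line breaks are not allowed.';
        }
    }
    if ($name === '' || strlen($name) > 100) {
        $errors['name'] = $errors['name'] ?? 'Enter a name (max 100 characters).';
    }
    if (!isset($errors['email']) && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }
    if ($message === '' || strlen($message) > 5000) {
        $errors['message'] = 'Enter a message (max 5000 characters).';
    }
    return [$errors, ['name' => $name, 'email' => $email, 'message' => $message]];
}

function build_html_body(array $clean): string
{
    // Escape every user-supplied value so submitted markup is shown as text.
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><strong>From:</strong> ' . $e($clean['name']) . ' &lt;' . $e($clean['email']) . '&gt;</p>'
         . '<p>' . nl2br($e($clean['message'])) . '</p>';
}

// Constructed sample submission containing HTML in the message field.
$sample = [
    'name'    => 'Alice',
    'email'   => 'alice@example.com',
    'message' => "Hello <b>there</b>\n<a href=\"http://example.com\">click</a>",
];
[$errors, $clean] = validate_contact_form($sample);
if ($errors === []) {
    $html = build_html_body($clean); // value for the mailer's HTML body
    $text = $clean['message'];       // value for the plain-text alternative
    echo $html, "\n";
} else {
    print_r($errors);                // re-display the form with these messages
}
```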