There are lots of PHP articles about the subject so is this a PHP only problem. I am sending emails using System.Net.Mail after some regular expression checks of course. Similar to http://weblogs.asp.net/scottgu/archive/2005/12/10/432854.aspx
-
I've never heard of that issue in ASP.NET. However, you should trust user input about as much as you'd trust a hooker with your wallet.
From Will -
the PHP email injection attack works because of a weakness in the PHP Mail() function. As a .net developer you need not worry.
From Danimal -
As long as you are using the MailAddress object, I think you're fine, because injections will only manage to throw FormatExceptions for the specified address.
Examples of how to properly use the System.Net.Mail components are included in that MSDN page; be sure to follow them and you will be fine.
From Jon Limjap
0 comments:
Post a Comment