Friday, February 4, 2011

As a ASP.NET programmer, do I need to be concerned about email injection attacks ?

There are lots of PHP articles about the subject so is this a PHP only problem. I am sending emails using System.Net.Mail after some regular expression checks of course. Similar to http://weblogs.asp.net/scottgu/archive/2005/12/10/432854.aspx

  • I've never heard of that issue in ASP.NET. However, you should trust user input about as much as you'd trust a hooker with your wallet.

    From Will
  • the PHP email injection attack works because of a weakness in the PHP Mail() function. As a .net developer you need not worry.

    From Danimal
  • As long as you are using the MailAddress object, I think you're fine, because injections will only manage to throw FormatExceptions for the specified address.

    Examples of how to properly use the System.Net.Mail components are included in that MSDN page; be sure to follow them and you will be fine.

    From Jon Limjap

0 comments:

Post a Comment