[Gllug] another question, more linux related though...

[Bruce Richardson]

On Sun, Jul 29, 2001 at 04:00:29PM +0100, Anthony Leung wrote:
> encouraged by the great help: was wondering if anybody knows of a way of
> getting a red hat server to accept an email and update a web page, whether
> it just saves it as html or uses dynamic stuff to get the file saved in some
> place.

Most mtas can be configured to deliver mail to a shell script or pipe.
The mail can then be processed any way you like.

> I don't have any contact with web servers so I'm completely clueless on that
> front.
> I'm quite honestly surprised that this hasn't been done more often...

The spam reaching this list should give you a clue about that.  E-mail
contains no mechanism for guarantueeing the authenticity of a message or
its sender.  Defacing websites would be child's play if all you had to
do was send an e-mail with forged headers.  

In addition, the script which processed the mail would have to be very
carefully written to handle escape characters etc.  Otherwise a
carefully formatted e-mail could be used to execute any command
available to the user running the mail process.

Any ISP making such a prodedure publicly available might as well paint a
target on itself saying "Crack me here".

ftp is simple, immediate, requires the user to authenticate and can be
restricted to a specific range of valid ip addresses.  It isn't perfect
but the above scenario makes it look like Fort Knox in comparison.
-- 
Bruce

Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant.  -- Roger Bacon, "Doctor Mirabilis"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 261 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20010729/7895eaa2/attachment.pgp>