C:\perl\bin\perl.exe -T %s %s where the C:\perl\bin\ should be changed to the appropriate path to where the perl executable is installed. You should then rename any NMS programs you want to use with a .plt extension rather than .pl. The way that this configuration is actually done differs between versions of IIS, so you will need to consult the documentation for your version if you want to do it yourself. The reason that you have to do this is because Windows does not have the notion of the shebang (#!) line that Unix has to tell the OS how to run an interpreted program (using associations between an extension and a program that will run it instead). When a Perl program is run by Windows it is always as if it had been run like: perl program.pl (Apache on Windows appears to behave like Unix but infact this behaviour is emulated ). Now when Perl runs reads a program file in before running it one of the first things that it does is to check the check the shebang line and if it contains 'perl' it will parse it to find if there are any switches there that should be applied and (with one or two exceptions) it applies them (as an aside, if 'perl' is not found in the line it will try to use what is found there as program to be executed with the script name as an argument). The '-T' is one of the exceptions because by the time that perl has discovered that you want to turn taint checking on it is already too late to ensure that all of the environment that the program inherits is properly 'tainted' and rather than compromise the security checks that tainting affords it is safer to abandon the program altogether. Of course because the taint checking is based on the source of the data and how it is being used and because this don't really change from one environment to another it is fairly safe to say that if we have tested the program with the '-T' switch than it is relatively safe to remove it if you have to. Of course if you remove tainting and then make alterations to the program such that new data is introduced or existing data is used in a different way then you may be unwittingly introducing a new vulnerability. [quote] > Dan: > > That's a good guess. It's the NMS formmail script for Windows, and this is > how the top of the file looks - > > #!/usr/bin/perl -wT > # > # NMS FormMail Version 3.08c1 > # > > but isn't that octothorpe a comment tag? > > Anyhow, I got it sorted out. I had the $mailprog specified incorrectly as > SMTP:[url]www.domain.com[/url], rather than SMTP:[url]www.host.com[/url]! > > Thanks....[/quote] -- Team Macromedia Volunteer for Dreamweaver Certified Dreamweaver MX Developer [allowsmilie] => 1 [showsignature] => 0 [ipaddress] => [iconid] => 0 [visible] => 1 [attach] => 0 [infraction] => 0 [reportthreadid] => 0 [isusenetpost] => 1 [msgid] => [ref] => <3F09D4D5.7070604@_the_bottom_of_the_post.com> [htmlstate] => on_nl2br [postusername] => Alan Ames [ip] => blu@formdude.co [isdeleted] => 0 [usergroupid] => [membergroupids] => [displaygroupid] => [password] => [passworddate] => [email] => [styleid] => [parentemail] => [homepage] => [icq] => [aim] => [yahoo] => [msn] => [skype] => [showvbcode] => [showbirthday] => [usertitle] => [customtitle] => [joindate] => [daysprune] => [lastvisit] => [lastactivity] => [lastpost] => [lastpostid] => [posts] => [reputation] => [reputationlevelid] => [timezoneoffset] => [pmpopup] => [avatarid] => [avatarrevision] => [profilepicrevision] => [sigpicrevision] => [options] => [akvbghsfs_optionsfield] => [birthday] => [birthday_search] => [maxposts] => [startofweek] => [referrerid] => [languageid] => [emailstamp] => [threadedmode] => [autosubscribe] => [pmtotal] => [pmunread] => [salt] => [ipoints] => [infractions] => [warnings] => [infractiongroupids] => [infractiongroupid] => [adminoptions] => [profilevisits] => [friendcount] => [friendreqcount] => [vmunreadcount] => [vmmoderatedcount] => [socgroupinvitecount] => [socgroupreqcount] => [pcunreadcount] => [pcmoderatedcount] => [gmmoderatedcount] => [assetposthash] => [fbuserid] => [fbjoindate] => [fbname] => [logintype] => [fbaccesstoken] => [newrepcount] => [vbseo_likes_in] => [vbseo_likes_out] => [vbseo_likes_unread] => [temp] => [field1] => [field2] => [field3] => [field4] => [field5] => [subfolders] => [pmfolders] => [buddylist] => [ignorelist] => [signature] => [searchprefs] => [rank] => [icontitle] => [iconpath] => [avatarpath] => [hascustomavatar] => 0 [avatardateline] => [avwidth] => [avheight] => [edit_userid] => [edit_username] => [edit_dateline] => [edit_reason] => [hashistory] => [pagetext_html] => [hasimages] => [signatureparsed] => [sighasimages] => [sigpic] => [sigpicdateline] => [sigpicwidth] => [sigpicheight] => [postcount] => 1 [islastshown] => [isfirstshown] => 1 [attachments] => [allattachments] => ) --> Formmail error question - Macromedia Dreamweaver

Formmail error question - Macromedia Dreamweaver

[url]http://nms-cgi.sourceforge.net/faq_prob.html[/url] short version- get rid of the Taint checking pointer- or contact host. #!/usr/bin/perl (if that's where Perl is on that windows box??) have you checked out using the brainjar formmail.asp option for that site?? <q> I am getting the Error ' Too late for "-T" option', what can I do ? The '-T' turns on Perl's taint checking, this basically means that data coming from outside the program is marked as 'tainted' (untrustworthy) and attempts to use that data in certain ways will result in an error in the program unless the data is checked carefully. All secure CGI ...

  1. #1

    Default Re: Formmail error question

    [url]http://nms-cgi.sourceforge.net/faq_prob.html[/url]

    short version- get rid of the Taint checking pointer- or contact host.

    #!/usr/bin/perl
    (if that's where Perl is on that windows box??)

    have you checked out using the brainjar formmail.asp option for that site??

    <q>
    I am getting the Error ' Too late for "-T" option', what can I do ?

    The '-T' turns on Perl's taint checking, this basically means that data
    coming from outside the program is marked as 'tainted' (untrustworthy) and
    attempts to use that data in certain ways will result in an error in the
    program unless the data is checked carefully. All secure CGI programs should
    use taint checking, as the Internet is a fundamentally insecure medium.

    That you are getting this error probably suggests that your web server is
    Microsoft IIS. If the administrator of the web server is open to making
    changes to the configuration probably the best idea would be to have them
    create a new association for your cgi-bin directory for files with a .plt
    extension:

    .plt --> C:\perl\bin\perl.exe -T %s %s

    where the C:\perl\bin\ should be changed to the appropriate path to where
    the perl executable is installed. You should then rename any NMS programs
    you want to use with a .plt extension rather than .pl. The way that this
    configuration is actually done differs between versions of IIS, so you will
    need to consult the doentation for your version if you want to do it
    yourself.

    The reason that you have to do this is because Windows does not have the
    notion of the shebang (#!) line that Unix has to tell the OS how to run an
    interpreted program (using associations between an extension and a program
    that will run it instead). When a Perl program is run by Windows it is
    always as if it had been run like:

    perl program.pl

    (Apache on Windows appears to behave like Unix but infact this behaviour is
    emulated ). Now when Perl runs reads a program file in before running it one
    of the first things that it does is to check the check the shebang line and
    if it contains 'perl' it will p it to find if there are any switches
    there that should be applied and (with one or two exceptions) it applies
    them (as an aside, if 'perl' is not found in the line it will try to use
    what is found there as program to be executed with the script name as an
    argument). The '-T' is one of the exceptions because by the time that perl
    has discovered that you want to turn taint checking on it is already too
    late to ensure that all of the environment that the program inherits is
    properly 'tainted' and rather than compromise the security checks that
    tainting affords it is safer to abandon the program altogether.

    Of course because the taint checking is based on the source of the data and
    how it is being used and because this don't really change from one
    environment to another it is fairly safe to say that if we have tested the
    program with the '-T' switch than it is relatively safe to remove it if you
    have to. Of course if you remove tainting and then make alterations to the
    program such that new data is introduced or existing data is used in a
    different way then you may be unwittingly introducing a new vulnerability.
    </q>
    > Dan:
    >
    > That's a good guess. It's the NMS formmail script for Windows, and this is
    > how the top of the file looks -
    >
    > #!/usr/bin/perl -wT
    > #
    > # NMS FormMail Version 3.08c1
    > #
    >
    > but isn't that octothorpe a comment tag?
    >
    > Anyhow, I got it sorted out. I had the $mailprog specified incorrectly as
    > SMTP:[url]www.domain.com[/url], rather than SMTP:[url]www.host.com[/url]!
    >
    > Thanks....
    --
    Team Macromedia Volunteer for Dreamweaver
    Certified Dreamweaver MX Developer

    Alan Ames Guest

  2. #2

    Default Re: Formmail error question

    Alan:

    That's a wonderfully comprehensive answer.

    I got it working yesterday, and have broken it again! 8(

    I am using the nms formmail script on W2KServer, and I think I have it
    configured properly. But after some changes this morning it is no longer
    working once again. I will post back if CW is unable to help me fix it!

    --
    Murray --- ICQ 71997575
    Team Macromedia Volunteer for Dreamweaver MX
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    [url]news://forums.macromedia.com/macromedia.dreamweaver[/url] - THE BEST WAY TO GET
    ANSWERS
    ==================
    [url]http://www.dreamweavermx-templates.com[/url] - Template Triage!
    [url]http://www.projectseven.com/go[/url] - DW FAQs, Tutorials & Resources
    [url]http://www.DreamweaverFAQ.com[/url] - DW FAQs, Tutorials & Resources
    [url]http://www.macromedia.com/support/search/[/url] - Macromedia (MM) Technotes
    ==================

    "Alan Ames" <bluformdude.com> wrote in message
    news:BB30532B.13AD02%bluformdude.com...
    > [url]http://nms-cgi.sourceforge.net/faq_prob.html[/url]
    >
    > short version- get rid of the Taint checking pointer- or contact host.
    >

    Murray *TMM* Guest

  3. #3

    Default Re: Formmail error question

    Thanx, Gary!

    --
    Murray --- ICQ 71997575
    Team Macromedia Volunteer for Dreamweaver MX
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    [url]news://forums.macromedia.com/macromedia.dreamweaver[/url] - THE BEST WAY TO GET
    ANSWERS
    ==================
    [url]http://www.dreamweavermx-templates.com[/url] - Template Triage!
    [url]http://www.projectseven.com/go[/url] - DW FAQs, Tutorials & Resources
    [url]http://www.DreamweaverFAQ.com[/url] - DW FAQs, Tutorials & Resources
    [url]http://www.macromedia.com/support/search/[/url] - Macromedia (MM) Technotes
    ==================

    "Gary White" <replynewsgroup.please> wrote in message
    news:h9olgvch85pud1b9g442plmicbvp2a16in4ax.com...
    > On Tue, 8 Jul 2003 08:20:15 -0400, "Murray *TMM*"
    > <forumsHAHAgreat-web-sights.com> wrote:
    >
    > >#!/usr/bin/perl -wT
    >
    > >but isn't that octothorpe a comment tag?
    >
    > Yes. It is. However, that's also the way the path to Perl is
    > specified. It's commonly referred to as the "shebang" line.
    >
    > To further dissect that particular line, the -w turns on warnings to
    > display any warnings or errors.
    >
    > The -T parameter turns on Taint mode, which means that variables that
    > come from outside the script cannot modify files or other processes
    > without first being "cleaned" or checked by the script. Taint mode is
    > STRONGLY recommended for any script that uses user supplied data, like
    > from a form.
    >
    > The -wT is simply a combination of the two.
    >
    >
    > Gary

    Murray *TMM* Guest

  4. #4

    Default Re: Formmail error question

    On Tue, 8 Jul 2003 11:50:17 -0400, "Murray *TMM*"
    <forumsHAHAgreat-web-sights.com> wrote:
    >Thanx, Gary!
    You're welcome, Murray.


    Gary
    Gary White Guest

Similar Threads

  1. FormMail help needed
    By gpots in forum Macromedia Dynamic HTML
    Replies: 0
    Last Post: November 1st, 01:30 AM
  2. formmail.cgi problem
    By Marcel in forum PERL Modules
    Replies: 5
    Last Post: June 3rd, 10:14 AM
  3. FormMail
    By Maurizio Forneris in forum Macromedia Flash
    Replies: 1
    Last Post: September 30th, 03:30 PM
  4. [php] formmail.pl formmail.php
    By John Taylor-Johnston in forum PHP Development
    Replies: 1
    Last Post: September 22nd, 02:23 AM
  5. formmail question PLEASE HELP
    By Alan Ames in forum Macromedia Dreamweaver
    Replies: 3
    Last Post: July 10th, 02:01 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •