[ale] POST from HTML email

Michael Trausch mike at trausch.us
Wed Jan 26 21:22:11 EST 2011


If people actually submit forms from email I would report that as a security
vulnerability. Use a form on a page, for sure.

--
Sent from my HTC Vision (G2), running Gingerbread.
That is, a phone-like mobile device. :)
On Jan 26, 2011 9:14 PM, "Chris Fowler" <cfowler at outpostsentinel.com> wrote:
> On Wed, 2011-01-26 at 20:59 -0500, Mike Harrison wrote:
>> On Wed, 26 Jan 2011, Chris Fowler wrote:
>
>> For very D@!!* good reasons, Evolution (thankfully) does not enable such
>> insanity. It's why I use it for business e-mail (I use PINE for personal
>> stuff).
>>
>> Put a form on your website. Give them a link to it in your e-mail.
>>
>
> This is for a trouble ticket reporting system. I want them to be able
> to click a button on the email and assign the ticket as well as view the
> ticket details on the web page.
>
> I'm going to modify the web interface to support a get for assigning and
> then I will use an image of a button in the HTML email to fake the
> submit.
>
> The user will need a valid cookie for all this to work. Without a
> cookie they will be presented with the login page.
>
> Chris
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110126/a99798e9/attachment.html 


More information about the Ale mailing list