[ale] POST from HTML email
Mike Harrison
cluon at geeklabs.com
Thu Jan 27 04:28:48 EST 2011
On Wed, 26 Jan 2011, Chris Fowler wrote:
> This is for a trouble ticket reporting system. I want them to be able
> to click a button on the email and assign the ticket as well as view the
> ticket details on the web page.
It will (probably) work in MS-Outlook, I haven't seen the VBS (Virus
Broadcast System) laden e-mail client in years... Hopefully they removed
the embedded web browser functionality for MS-Outlook. This was the type
of functionality that caused it to be a major virus and security risk
vector.
E-Mail clients should not: run javascript, allow form posts.. run Flash
files.. auto-display PDF's/Docs/XLS.. basicly not do anything that can
execute code automatically.
> I'm going to modify the web interface to support a get for assigning and
> then I will use an image of a button in the HTML email to fake the
> submit.
>
> The user will need a valid cookie for all this to work. Without a
> cookie they will be presented with the login page.
Even if this is an internal only system:
Please allow/use only https.
Remember a "valid" cookie is not necessarily authentication,
but might be acceptable for low risk situations.
I sometimes feel I'm the last person in the world using simple/digest auth
methods..
More information about the Ale
mailing list