how to mail a form in JSP

janoo

Hi, this is Ravin. I'm a last-year IT student and I am doing my project
at a govt. organization. I have to do one thing in my project:
there is a feedback form which is to be filled in by any user.
It has four fields.
1) name
2) tel.no
3) e-mail address
4) comments
I simply have to mail these fields to the org.'s mail address when the user hits the submit button. There is nothing else to do with these fields.

Please send related help as early as possible.
 
steen

How about a simple example? I googled this up in about two minutes
using keywords {jsp mailto form} and it was the fourth hit.

http://www.peostri.army.mil/BAA/comments.jsp

Well, that example doesn't really show much, except the HTML for sending
the email, but I noticed a single thing about that example that you
should _never_ _ever_ do... the "to" email is a hidden field in the
form, and if your code just accepts that email "as-is", you open
yourself to all kinds of problems. Instead, if your form has different
possible mail-to options, have the form submit a value like "1" and
then select the appropriate email from an array or something. Just
thought I'd share this thought.

/Steen
 
Alex Hunsley

steen said:
Well, that example doesn't really show much, except the HTML for sending
the email, but I noticed a single thing about that example that you
should _never_ _ever_ do... the "to" email is a hidden field in the
form, and if your code just accepts that email "as-is", you open
yourself to all kinds of problems. Instead, if your form has different
possible mail-to options, have the form submit a value like "1" and
then select the appropriate email from an array or something. Just
thought I'd share this thought.

/Steen

Another classic web email form of attack:
If the mail form code just blindly puts the body as typed in by the user
as the body of the email, it can be vulnerable: a naughty person could
put something like the following in the body field:

Bcc: someaddress@somewhere

... and in some circumstances, because this looks like a header, it can
be interpreted as a header by the mail agent, if it's the first thing in
the body.
 
Oliver Wong

Alex Hunsley said:
Another classic web email form of attack:
If the mail form code just blindly puts the body as typed in by the user
as the body of the email, it can be vulnerable: a naughty person could
put something like the following in the body field:

Bcc: someaddress@somewhere

... and in some circumstances, because this looks like a header, it can
be interpreted as a header by the mail agent, if it's the first thing in
the body.

Interesting. I thought you needed a blank line between the header and
the body of an e-mail (assuming SMTP anyway), otherwise the SMTP server
would reject the e-mail as being invalid. So if your code were indeed
vulnerable to this attack, I'd imagine you'd find out very soon (the first
e-mail which doesn't start with a blank line and can't be interpreted as a
header would fail).

- Oliver
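
The two precautions raised in this thread (steen's server-side recipient list and the header-looking input Alex Hunsley describes), shown together as an added example that is not part of any post. It is plain Java with no mail library; the class and method names, the subject line and all addresses are assumptions made up for illustration.

```java
import java.util.List;

/** Added example with hypothetical names: server-side handling of the feedback form. */
public class FeedbackMail {
    // Recipients live on the server; the form submits only an index. Placeholder addresses.
    private static final List<String> RECIPIENTS =
            List.of("feedback@example.org", "webmaster@example.org");

    /** Maps the submitted option ("0", "1", ...) to an address; anything else is rejected. */
    static String resolveRecipient(String option) {
        try {
            int i = Integer.parseInt(option == null ? "" : option.trim());
            if (i >= 0 && i < RECIPIENTS.size()) return RECIPIENTS.get(i);
        } catch (NumberFormatException e) { /* rejected below */ }
        throw new IllegalArgumentException("unknown recipient option");
    }

    /** A value that is written into a header line must not contain CR or LF. */
    static String headerSafe(String field, String value) {
        if (value == null || value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0)
            throw new IllegalArgumentException(field + " is missing or contains a line break");
        return value.trim();
    }

    /** Headers, then one blank line written by the server, then user text as body only. */
    static String compose(String option, String name, String tel, String email, String comments) {
        String to = resolveRecipient(option);
        String replyTo = headerSafe("email", email);
        String body = "Name: " + headerSafe("name", name) + "\r\n"
                + "Tel: " + headerSafe("tel", tel) + "\r\n\r\n"
                + (comments == null ? "" : comments.replaceAll("\r\n|\r|\n", "\r\n"));
        return "To: " + to + "\r\n"
                + "Reply-To: " + replyTo + "\r\n"
                + "Subject: Website feedback\r\n"
                + "\r\n"   // header/body separator
                + body;
    }

    public static void main(String[] args) {
        // Constructed input: a comment whose first line looks like a header.
        System.out.println(compose("0", "Ravin", "555-0100", "user@example.com",
                "Bcc: someaddress@somewhere\nNice site."));
        try {   // constructed input: line break smuggled into a header-bound field
            compose("0", "Ravin", "555-0100", "user@example.com\r\nBcc: x@example.net", "hi");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```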
 
