I am working on implementing a email-through-a-form solution to spam
avoidance.

I have a PHP script that works and I have the recipient email
addresses embedded in the script (i.e. not in the HTML page). So I
would like be able to prevent any users (especially spambots) from
being able to read the script.

In my limited testing I have not been able to get a browser to view
the PHP file. Nor have I been able to retrieve the PHP file with
anonymous FTP. But I know I am not nearly imformed or clever enough to
believe that I have "proven" that the script is sufficiently secure.

Are there certain directories I should or should not use? Are there
file permissions that I should use or should not use? Is having a
"guessable" filename an issue? Is PHP OK for this purpose or should I
look at another type of script?

Please tell me (or point me to) what I need to do to secure this
script from prying eyes?

Any help will be appreciated.

--

John Small

(remove the z's for email address)

John Small wrote:
> I am working on implementing a email-through-a-form solution to spam
> avoidance.
>
> I have a PHP script that works and I have the recipient email
> addresses embedded in the script (i.e. not in the HTML page). So I
> would like be able to prevent any users (especially spambots) from
> being able to read the script.
>
> In my limited testing I have not been able to get a browser to view
> the PHP file. Nor have I been able to retrieve the PHP file with
> anonymous FTP. But I know I am not nearly imformed or clever enough to
> believe that I have "proven" that the script is sufficiently secure.
>
> Are there certain directories I should or should not use? Are there
> file permissions that I should use or should not use? Is having a
> "guessable" filename an issue? Is PHP OK for this purpose or should I
> look at another type of script?
>
> Please tell me (or point me to) what I need to do to secure this
> script from prying eyes?

As long as the server is configured correctly, noone will ever be able to
retrieve the target emailadress.
A point for security though, is header injection.
http://www.securephpwiki.com/index.php/Email_Injection
--
Rik Wasmus

John Small wrote:

> In my limited testing I have not been able to get a browser to view
> the PHP file.

Yep -- that's the way PHP works (and indeed all server-side scripting).
The server never sends the PHP file to the browser -- it only sends the
results of processing the file.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

John Small wrote

> I am working on implementing a email-through-a-form solution to spam
> avoidance.
>
> I have a PHP script that works and I have the recipient email
> addresses embedded in the script (i.e. not in the HTML page). So I
> would like be able to prevent any users (especially spambots) from
> being able to read the script.
>
> In my limited testing I have not been able to get a browser to view
> the PHP file. Nor have I been able to retrieve the PHP file with
> anonymous FTP. But I know I am not nearly imformed or clever enough to
> believe that I have "proven" that the script is sufficiently secure.
>
> Are there certain directories I should or should not use? Are there
> file permissions that I should use or should not use? Is having a
> "guessable" filename an issue? Is PHP OK for this purpose or should I
> look at another type of script?
>
> Please tell me (or point me to) what I need to do to secure this
> script from prying eyes?
>
> Any help will be appreciated.

In agreement with the other replies. An unguessable name never goes
wrong.

--
Charles Sweeney
http://CharlesSweeney.com

And lo, Charles Sweeney didst speak in alt.www.webmaster:

> John Small wrote
>
>> Any help will be appreciated.
>
> In agreement with the other replies. An unguessable name never goes
> wrong.

Fat lot of good it did for Rumplestiltskin.

Grey

--
The technical axiom that nothing is impossible sinisterly implies the
pitfall corollary that nothing is ridiculous.
- http://www.greywyvern.com/orca#search - Orca Search: Full-featured
spider and site-search engine

GreyWyvern wrote

> And lo, Charles Sweeney didst speak in alt.www.webmaster:
>
>> John Small wrote
>>
>>> Any help will be appreciated.
>>
>> In agreement with the other replies. An unguessable name never goes
>> wrong.
>
> Fat lot of good it did for Rumplestiltskin.

lol!

--
Charles Sweeney
http://CharlesSweeney.com