[ZendTo] Drop-off Subject Line
Jules
Jules at Zend.To
Tue Feb 2 10:46:22 GMT 2021
Gregg,
Allowing outsiders to edit the Subject line is risky.
Did you know that you can (or certainly could in the past, I've done it
myself) actually embed an entire attachment in the Subject line of an
email? The most famous email app that would decode these successfully
was Outlook Express, but I wouldn't guarantee there aren't others out
there that can still do it. So allowing anyone in the world to edit the
subject line would be allowing a route in for viruses that hardly any
virus scanners will ever detect. I never found one that could spot it,
except for my own MailScanner (which I spent 12 years writing and
supporting).
Cheers,
Jules.
On Tue 02/02/21 09:55, Gregg Douglas via ZendTo wrote:
> Hi,
>
> When a person that is external to the organization wants to Drop-off a
> file, I see the Subject cannot be edited.
>
> I noticed in the Change Log for Version 6.04-1 Beta
>
> Subject in new drop-off form can now only be edited if you are
> logged in.
>
>
> Is there a reason for this? Can this not be changed so that it is
> configurable in the config file?
>
> Regards
> Gregg
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'The past is supposed to be a place of reference, not a place of
residence! There is a reason why your car has a big windshield and
a small rearview mirror. You are supposed to keep your eyes on where
you are going, and just occasionally check out where you have been.'
- Willie Jolley
www.Zend.To
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20210202/5b857d7f/attachment.html>
More information about the ZendTo
mailing list