Run PHP script when new email received
Post 302462562 by DGPickett on Thursday 14th of October 2010 01:02:08 PM
Technically unacceptable is somehow worse than Politically unacceptable? Many milieus are very security conscious, and more are getting more so every day; many nice features are being turned off, so the wise user includes the local security culture in their tool choice process. Everyone should have at least a virtual seat at the design table: Security, Testing, Admin, Production Support, Configuration Management, Legal, all levels of Users as well as Management and Development.

Of course, if we had better requirements . . . . They say even a very dumb engineer can design and implement from good requirements, but writing good requirements takes a very good engineer.
 

SDOC(7)                 BSD Miscellaneous Information Manual                 SDOC(7)

NAME

sdoc -- guide to adding security considerations sections to manual pages

DESCRIPTION
This document presents guidelines for adding security considerations sections to manual pages. It provides two typical examples.

The guidelines for writing FreeBSD manual pages in groff_mdoc(7) mandate that each manual page describing a feature of the FreeBSD system should contain a security considerations section describing what security requirements can be broken through the misuse of that feature. When writing these sections, authors should attempt to achieve a happy medium between two conflicting goals: brevity and completeness. On one hand, security consideration sections must not be too verbose, or busy readers might be dissuaded from reading them. On the other hand, security consideration sections must not be incomplete, or they will fail in their purpose of instructing the reader on how to avoid all insecure uses. This document provides guidelines for balancing brevity and completeness in the security consideration section for a given feature of the FreeBSD system.

Where to Start

Begin by listing those general security requirements that can be violated through the misuse of the feature. There are four classes of security requirements:

- integrity (example: non-administrators should not modify system binaries),
- confidentiality (example: non-administrators should not view the shadow password file),
- availability (example: the web server should respond to client requests in a timely fashion), and
- correctness (example: the ps program should provide exactly the process table information listing functionality described in its documentation - no more, no less.)

A good security considerations section should explain how the feature can be misused to violate each general security requirement in the list. Each explanation should be accompanied by instructions the reader should follow in order to avoid a violation.
When referencing potential vulnerabilities described in the Secure Programming Practices manual page, sprog(7), likewise cross-reference that document rather than replicating information. Whenever possible, refer to this document rather than reproducing the material it contains.

Where to Stop

Security problems are often interrelated; individual problems often have far-reaching implications. For example, the correctness of virtually any dynamically-linked program is dependent on the correct implementation and configuration of the run-time linker. The correctness of this program, in turn, depends on the correctness of its libraries, the compiler used to build it, the correctness of the preceding compiler that was used to build that compiler, and so on, as described by Thompson (see SEE ALSO, below).

Due to the need for brevity, security consideration sections should describe only those issues directly related to the feature that is the subject of the manual page. Refer to other manual pages rather than duplicating the material found there.

EXAMPLES
Security considerations sections for most individual functions can follow this simple formula:

1. Provide one or two sentences describing each potential security problem.
2. Provide one or two sentences describing how to avoid each potential security problem.
3. Provide a short example in code.

This is an example security considerations section for the strcpy(3) manual page:

    The strcpy() function is easily misused in a manner which enables malicious users to arbitrarily change a running program's functionality through a buffer overflow attack.

    Avoid using strcpy(). Instead, use strncpy() and ensure that no more characters are copied to the destination buffer than it can hold. Do not forget to NUL-terminate the destination buffer, as strncpy() will not terminate the destination string if it is truncated.

    Note that strncpy() can also be problematic. It may be a security concern for a string to be truncated at all. Since the truncated string will not be as long as the original, it may refer to a completely different resource and usage of the truncated resource could result in very incorrect behavior. Example:

    #include <err.h>
    #include <string.h>

    void
    foo(const char *arbitrary_string)
    {
            char onstack[8];

    #if defined(BAD)
            /*
             * This first strcpy is bad behavior.  Do not use strcpy()!
             */
            (void)strcpy(onstack, arbitrary_string);        /* BAD! */
    #elif defined(BETTER)
            /*
             * The following two lines demonstrate better use of
             * strncpy().
             */
            (void)strncpy(onstack, arbitrary_string, sizeof(onstack) - 1);
            onstack[sizeof(onstack) - 1] = '\0';
    #elif defined(BEST)
            /*
             * These lines are even more robust due to testing for
             * truncation.
             */
            if (strlen(arbitrary_string) + 1 > sizeof(onstack))
                    err(1, "onstack would be truncated");
            (void)strncpy(onstack, arbitrary_string, sizeof(onstack));
    #endif
    }

Security considerations sections for tools and commands are apt to be less formulaic. Let your list of potentially-violated security requirements be your guide; explain each one and list a solution in as concise a manner as possible.
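The truncation concern in the strcpy(3) example above ("it may refer to a completely different resource") can be made concrete. The following is an added example, not part of the sdoc manual page; copy_checked(), copy_truncating() and the sample path are hypothetical names and values constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not a libc function): copy src into dst only if it
 * fits with its NUL. Returns 0 on success, -1 if it would be truncated, in
 * which case dst is left empty so a partial name is never used.
 */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
	size_t len = strlen(src);

	if (dstsize == 0)
		return (-1);
	if (len >= dstsize) {
		dst[0] = '\0';
		return (-1);
	}
	memcpy(dst, src, len + 1);	/* len + 1 copies the NUL too */
	return (0);
}

/*
 * Hypothetical helper: the strncpy()-and-terminate pattern, which truncates
 * silently. Returns 1 if dst no longer equals src, 0 otherwise.
 */
int copy_truncating(char *dst, size_t dstsize, const char *src)
{
	if (dstsize == 0)
		return (1);
	(void)strncpy(dst, src, dstsize - 1);
	dst[dstsize - 1] = '\0';
	return (strcmp(dst, src) != 0);
}

int main(void)
{
	/* Constructed sample: a name whose 15-byte prefix is another file. */
	const char *wanted = "/var/app/config.disabled";
	char path[16];

	if (copy_truncating(path, sizeof(path), wanted))
		printf("truncated: asked for %s, got %s\n", wanted, path);
	if (copy_checked(path, sizeof(path), wanted) != 0)
		printf("rejected: %s needs more than %zu bytes\n",
		    wanted, sizeof(path));
	return (0);
}
```

The silently truncated copy is a valid, NUL-terminated string that names a different file, which is why the checked variant refuses the input instead of shortening it.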
This is an example security considerations section for the rtld(1) manual page:

    Using the LD_LIBRARY_PATH and LD_PRELOAD environment variables, malicious users can cause the dynamic linker to link shared libraries of their own devising into the address space of processes running non-set-user-ID/group-ID programs. These shared libraries can arbitrarily change the functionality of the program by replacing calls to standard library functions with calls to their own. Although this feature is disabled for set-user-ID and set-group-ID programs, it can still be used to create Trojan horses in other programs.

    All users should be aware that the correct operation of non set-user-ID/group-ID dynamically-linked programs depends on the proper configuration of these environment variables, and take care to avoid actions that might set them to values which would cause the run-time linker to link in shared libraries of unknown pedigree.

SEE ALSO
groff_mdoc(7), security(7), sprog(7)

Edward Amoroso, AT&T Bell Laboratories, Fundamentals of Computer Security Technology, P T R Prentice Hall, 1994.

Ken Thompson, "Reflections on Trusting Trust", Association for Computing Machinery, Inc., Communications of the ACM, Vol. 27, No. 8, 761-763, August, 1984.

HISTORY

The sdoc manual page first appeared in FreeBSD 5.0.

AUTHORS

Tim Fraser <tfraser@tislabs.com>, NAI Labs CBOSS project
Brian Feldman <bfeldman@tislabs.com>, NAI Labs CBOSS project

BSD                              September 5, 2005                              BSD