[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] POST from HTML email
- Subject: [ale] POST from HTML email
- From: cluon at geeklabs.com (Mike Harrison)
- Date: Thu, 27 Jan 2011 04:28:48 -0500 (EST)
- In-reply-to: <1296094450.1902.477.camel@cfowler-desktop>
- References: <1296092965.1902.471.camel@cfowler-desktop> <[email protected]> <1296094450.1902.477.camel@cfowler-desktop>
On Wed, 26 Jan 2011, Chris Fowler wrote:
> This is for a trouble ticket reporting system. I want them to be able
> to click a button on the email and assign the ticket as well as view the
> ticket details on the web page.
It will (probably) work in MS-Outlook, I haven't seen the VBS (Virus
Broadcast System) laden e-mail client in years... Hopefully they removed
the embedded web browser functionality for MS-Outlook. This was the type
of functionality that caused it to be a major virus and security risk
vector.
E-Mail clients should not: run javascript, allow form posts.. run Flash
files.. auto-display PDF's/Docs/XLS.. basicly not do anything that can
execute code automatically.
> I'm going to modify the web interface to support a get for assigning and
> then I will use an image of a button in the HTML email to fake the
> submit.
>
> The user will need a valid cookie for all this to work. Without a
> cookie they will be presented with the login page.
Even if this is an internal only system:
Please allow/use only https.
Remember a "valid" cookie is not necessarily authentication,
but might be acceptable for low risk situations.
I sometimes feel I'm the last person in the world using simple/digest auth
methods..