I asked in the security forum the other day about header injections and it was brought to my attention that it's mostly an issue for SMTP.
I'm curious if Swift does anything to prevent exploits, or if it's possible to use a plugin?
Is this something that 'must' be handled by the client developer?
Plugin for header injection prevention
alex.barylski
- Chris Corbyn
Re: Plugin for header injection prevention
It's not possible to perform header-injection with Swift unless you do it explicitly by using the addHeader() methods etc. Swift doesn't "strip" dangerous data... instead it encodes it into data that is usable. i.e. if somebody tries to inject a new line (\x0A) Swift Mailer will not add the new line character, instead it adds "=0A" which decodes back to a new line on the client side, without breaking the headers.
Lossless security
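The encode-instead-of-strip behaviour described in the reply above, as an added example that is not part of the original thread and is not Swift Mailer's code: a hand-written RFC 2047 "Q" encoder next to naive string concatenation. The function names and the sample subject are hypothetical and constructed for illustration.

```python
import re
from email.header import decode_header

# Bytes that may appear literally inside a Q encoded-word (conservative set).
SAFE = re.compile(rb"[A-Za-z0-9!*+\-/]")

def q_encode(value, charset="utf-8"):
    """Encode a header value as one RFC 2047 Q encoded-word.
    No folding: assumes the result stays within the 75-character limit."""
    out = []
    for b in value.encode(charset):
        ch = bytes([b])
        if SAFE.fullmatch(ch):
            out.append(ch.decode("ascii"))
        elif b == 0x20:
            out.append("_")          # space is written as underscore
        else:
            out.append("=%02X" % b)  # newline (0x0A) becomes "=0A"
    return "=?%s?Q?%s?=" % (charset, "".join(out))

def naive_header(name, value):
    """Vulnerable form: user input concatenated straight into the header."""
    return "%s: %s\r\n" % (name, value)

def encoded_header(name, value):
    """Hardened form: the value is carried as data, never as structure."""
    return "%s: %s\r\n" % (name, q_encode(value))

def header_names(raw):
    """Field names a line-based parser would see in a raw header block."""
    names = []
    for line in re.split(r"\r\n|\r|\n", raw):
        if line and line[0] not in " \t" and ":" in line:
            names.append(line.split(":", 1)[0])
    return names

def decode_value(raw_header):
    """What the mail client shows after decoding the encoded-word."""
    value = raw_header.split(": ", 1)[1].strip()
    data, charset = decode_header(value)[0]
    return data.decode(charset)

# Constructed sample input: a subject carrying an embedded newline.
SAMPLE = "Hello\nX-Injected: 1"

if __name__ == "__main__":
    print(header_names(naive_header("Subject", SAMPLE)))
    print(encoded_header("Subject", SAMPLE).strip())
    print(repr(decode_value(encoded_header("Subject", SAMPLE))))
```

The naive form yields two header fields from one input, while the encoded form yields one field whose decoded value is byte-for-byte the original input, which is the "lossless" property the reply refers to.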