Plugin for header injection prevention

Posted: Sun Feb 08, 2009 4:57 pm
by alex.barylski
I asked in the security forum the other day about header injections and it was brought to my attention that it's mostly an issue for SMTP.

I'm curious if Swift does anything to prevent exploits, or if it's possible to use a plugin?

Is this something that 'must' be handled by the client developer?

Re: Plugin for header injection prevention

Posted: Sun Feb 08, 2009 9:21 pm
by Chris Corbyn
It's not possible to perform header-injection with Swift unless you do it explicitly by using the addHeader() methods etc. Swift doesn't "strip" dangerous data... instead it encodes it into data that is usable. i.e. if somebody tries to inject a new line (\x0A) Swift Mailer will not add the new line character, instead it adds "=0A" which decodes back to a new line on the client side, without breaking the headers.

Lossless security :)
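
The encoding described in the reply above, as an added example that is not part of the original thread and is not Swift Mailer's own code: a minimal RFC 2047 "Q" encoder placed beside naive header concatenation. The helper names `encodeHeaderValue` and `decodeHeaderValue` and the sample subject are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not Swift Mailer's API): emit a header value as an
// RFC 2047 "Q" encoded-word whenever it holds anything but printable ASCII.
// Simplification: no folding of encoded-words longer than 75 characters.
function encodeHeaderValue(string $value, string $charset = 'utf-8'): string
{
    // \A and \z anchor the whole string. A plain '$' would also match just
    // before a trailing "\n" and let a lone newline through unencoded.
    if (preg_match('/\A[\x20-\x7E]*\z/', $value)) {
        return $value;
    }
    // No /u modifier, so this works byte by byte: CR becomes =0D, LF =0A.
    $encoded = preg_replace_callback(
        '/[^A-Za-z0-9!*+\/-]/',
        static function (array $m): string {
            return $m[0] === ' ' ? '_' : sprintf('=%02X', ord($m[0]));
        },
        $value
    );
    return "=?{$charset}?Q?{$encoded}?=";
}

// What a mail client does on display: turn the encoded-word back into bytes.
function decodeHeaderValue(string $header): string
{
    if (!preg_match('/\A=\?[^?]+\?Q\?([^?]*)\?=\z/i', $header, $m)) {
        return $header; // not an encoded-word, return unchanged
    }
    return quoted_printable_decode(str_replace('_', ' ', $m[1]));
}

// Constructed sample input: a subject value that carries a CRLF and the
// start of a second header.
$subject = "Hello\r\nBcc: someone@example.test";

// Naive concatenation: the CRLF ends the Subject header and begins another.
$naive = 'Subject: ' . $subject;
// Encoded: the control bytes are data inside a single header line.
$safe = 'Subject: ' . encodeHeaderValue($subject);

echo count(explode("\r\n", $naive)), " header line(s) when concatenated\n";
echo count(explode("\r\n", $safe)), " header line(s) when encoded\n";
echo $safe, "\n";
// Lossless: decoding returns the exact original bytes.
var_dump(decodeHeaderValue(encodeHeaderValue($subject)) === $subject);
```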