« Spam blacklists as denial-of-service attacks? | Main | Malware analysis: Troj/Winser-A »

December 27, 2004



Excellent article Steve.



I liked your article, but you never mentioned using regex to validate the user input. If you use regex, you can check the string the user entered and therefore easily determine if they have entered anything other than an email address [even though the email address may not be a valid address].

The comments to this entry are closed.


  • Steve Friedl is a software and network security consultant in Southern California. He has been a C and UNIX developer since 1981 and has an exceptionally broad background in this area. Some areas of expertise include:

    • C and C++ systems software development on the UNIX and Win32 platforms
    • Communications, including serial and TCP/IP based controllers
    • Enterprise internet security administration and configuration
    • Penetration tests, audits, and network reviews
    • Security forensics, reverse engineering, and tools development
    • General UNIX and Windows system/network administration
    • The Windows Printing System
    • Database software development
    • Technology problem solving and research
    • Technical writing and standup training

Unix Wiz

Stephen J. FriedlSoftware ConsultantOrange County, CA USASteve@unixwiz.net