server). Passwords are encoded as they are added to links in the reply page’s selection
list, and they remain encoded in URLs and hidden form fields thereafter.
But you shouldn’t use a URL like this, unless you don’t care about ex-
posing your email password. Sending your unencrypted mail user ID
and password strings across the Net in a URL such as this is unsafe and
open to interception. In fact, it’s like giving away your email—anyone
who intercepts this URL or views it in a server logfile will have complete
access to your email account. It is made even more treacherous by the
fact that this URL format appears in a book that will be distributed all
around the world.
If you care about security and want to use PyMailCGI on a remote server,
install it on your server and configure mailconfig and secret. That
should at least guarantee that both your user and password information
will never be transmitted unencrypted in a single transaction. This
scheme still may not be foolproof, so be careful out there. Without se-
cure HTTP and sockets, the Internet is a “use at your own risk” medium.The Message View Page
Back to our page flow; at this point, we are still viewing the message selection list in
Figure 16-8. When we click on one of its generated hyperlinks, the stateful URL invokes
the script in Example 16-8 on the server, sending the selected message number and
mail account information (user, password, and site) as parameters on the end of the
script’s URL.
Example 16-8. PP4E\Internet\Web\PyMailCgi\cgi-bin\onViewListLink.py
#!/usr/bin/python
"""
################################################################################
On user click of message link in main selection list: make mail view page;
cgi.FieldStorage undoes any urllib.parse escapes in link's input parameters
(%xx and '+' for spaces already undone); in 2.0+ we only fetch 1 mail here, not
the entire list again; in 2.0+ we also find mail's main text part intelligently
instead of blindly displaying full text (with any attachments), and we generate
links to attachment files saved on the server; saved attachment files only work
for 1 user and 1 message; most 2.0 enhancements inherited from mailtools pkg;
3.0: mailtools decodes the message's full-text bytes prior to email parsing;
3.0: for display, mailtools decodes main text, commonhtml decodes message hdrs;
################################################################################
"""
import cgi
import commonhtml, secret
from externs import mailtools
#commonhtml.dumpstatepage(0)
Reading POP Email| 1259