J
Jon Vidar Grøtte
Hi,
We've made some simple html-pages which include a form for inserting data.
When the user clicks submit, the form is supposed to be sent by e-mail to a
specific e-mail account. This solution is used by some clients of ours to
report data into an applicaton, even if the user is off-site on a ship,
offshore, or similar.
To implement these html-pages, we've used the mailto protocol in conjunction
with the form tag. Something like this:
<form method="post" action="mailto:[email protected]?subject=Form mailto
test">
In our environment, this works just fine. We open the page in Internet
Explorer, submit the form, and IE opens our e-mail client (Lotus Notes) and
creates a new e-mail message with the correct recipient and the correct
subject. The post data is attached to the message in a file called
POSTDATA.ATT. The content of the file is in this format:
textbox1=Testvalue&textbox2=Testvalue&textbox3=Testvalue&textbox4=Testvalue&textbox5=Testvalue&textbox6=Testvalue&textbox7=Testvalue
But, as it seems, this is not working for all clients. We've recently
discovered that at one of our customers none of the clients get this to work
properly. They are using IE 6.0 to post the form, the e-mail client is
opened - they are using Lotus Notes - and the message is created, but with
no attached file; the POSTDATA.ATT is missing. This is really surprising,
specially since these clients are using IE 6.0 and Lotus Notes - which is
exactly the same as we are using in our environment - and here it's working
perfectly.
I know it's being said that the mailto protocol is "unreliable" or "not
recommended", but still we've not been able to find information about why
it's "unreliable". One should think that if two clients are using the same
browser and the same e-mail client, the result of the operation should be
the same at both the clients. In this case it's not.
We've also tried to find out if the mailto protocol can somehow be disabled,
either by a thirdparty application (like a antivirus client for instance) or
by the systems involved in the operation (OS, webbrowser, or the e-mail
client). No such luck so far.
My hope is that some of you reading this may be familiar to the topic, or
have some sort of first-hand information about the security issues involved
in this protocol, and that you're willing to help us out here.
Thank you.
Best regards,
Jon Vidar Grøtte
Synergi Solutions
We've made some simple html-pages which include a form for inserting data.
When the user clicks submit, the form is supposed to be sent by e-mail to a
specific e-mail account. This solution is used by some clients of ours to
report data into an applicaton, even if the user is off-site on a ship,
offshore, or similar.
To implement these html-pages, we've used the mailto protocol in conjunction
with the form tag. Something like this:
<form method="post" action="mailto:[email protected]?subject=Form mailto
test">
In our environment, this works just fine. We open the page in Internet
Explorer, submit the form, and IE opens our e-mail client (Lotus Notes) and
creates a new e-mail message with the correct recipient and the correct
subject. The post data is attached to the message in a file called
POSTDATA.ATT. The content of the file is in this format:
textbox1=Testvalue&textbox2=Testvalue&textbox3=Testvalue&textbox4=Testvalue&textbox5=Testvalue&textbox6=Testvalue&textbox7=Testvalue
But, as it seems, this is not working for all clients. We've recently
discovered that at one of our customers none of the clients get this to work
properly. They are using IE 6.0 to post the form, the e-mail client is
opened - they are using Lotus Notes - and the message is created, but with
no attached file; the POSTDATA.ATT is missing. This is really surprising,
specially since these clients are using IE 6.0 and Lotus Notes - which is
exactly the same as we are using in our environment - and here it's working
perfectly.
I know it's being said that the mailto protocol is "unreliable" or "not
recommended", but still we've not been able to find information about why
it's "unreliable". One should think that if two clients are using the same
browser and the same e-mail client, the result of the operation should be
the same at both the clients. In this case it's not.
We've also tried to find out if the mailto protocol can somehow be disabled,
either by a thirdparty application (like a antivirus client for instance) or
by the systems involved in the operation (OS, webbrowser, or the e-mail
client). No such luck so far.
My hope is that some of you reading this may be familiar to the topic, or
have some sort of first-hand information about the security issues involved
in this protocol, and that you're willing to help us out here.
Thank you.
Best regards,
Jon Vidar Grøtte
Synergi Solutions