ASForm: Introduction and Features


Introduction

ASForm is a general-purpose, powerful, highly configurable HTML form-to-email processor for use on the World Wide Web and/or intranets. It was developed by Art Sackett of Art Sackett Professional Web Design for free distribution to meet the needs of many who have been unable to find a similar tool that adequately meets their needs.

ASForm includes a debugging utility that is, to the best of the developer's knowledge, unique in the free CGI application arena. Once ASForm is runnable, switching on the debug mode and invoking (running) ASForm will cause it to analyze your installation and configuration, and explain it to you in English as plain as is possible. Anything that might keep ASForm from working as you expect is called to your attention and explained, and the tests it performs are explained as they're done. You shouldn't have to guess why the thing might be doing things you didn't intend. As an aid in developing configuration files, debugging can be switched on in any configuration files you need to debug, while leaving those that are working in normal operation. You can be processing forms from the web normally while you create and test new configuration files without affecting those "live" configurations. The only exception to this is the main, default configuration -- setting debugging to on in this configuration turns it on for all configurations.

ASForm is at present a single-user, single domain application. Although it will support as many individual configurations as you care to write for it, it is not designed for a multi-user environment, as would be required by an ISP who needs to provide its functionality for many different users. A multi-user version will eventually follow, based upon the final release. (At this time, ASForm is in beta release. There may be bugs, but there are none that are known as of this writing. The intent is that the final release will be compatible with the beta version's configuration files, but this is not in any way guaranteed.)

Please note that although the distribution is free, ASForm comes with some restrictions regarding how you can use it, the Terms of Use:

  1. ASForm is and must remain freely distributed. You may distribute it in any form you wish, but you may not receive any compensation for doing so. You may not charge a fee for the media that ASForm is distributed on, even if ASForm is bundled with other software.
  2. You may use ASForm for any purpose, even commercial purposes, so long as you are not selling ASForm or the media it is distributed on. The only exception to this is if you are selling a used computer system upon which ASForm is installed and ASForm is not a consideration in the price set.
  3. ASForm comes with no warranty or guarantee of any kind. If it breaks anything, you get to keep whatever little pieces may be left behind. The developer does not accept any liability whatsoever for any damage, either direct or consequential, that may be caused by ASForm.
  4. ASForm must not be deployed in any way that its failure may cause or exacerbate a threat to the safety of persons or property.
  5. ASForm comes with no support from the developer except for paying clients of Art Sackett Professional Web Design.
  6. You may not alter or edit ASForm in any way, or create derivative works based upon it. Certain lines of code must be altered in some cases to configure ASForm to work in a given installation, and those lines are referenced within the documentation that comes with ASForm. All others are off limits. If you find a bug, report it to the developer.
  7. You may charge a fee for professional services rendered installing, configuring, and/or supporting ASForm. You must make your client aware that ASForm comes with no guarantee of any kind from the developer, and that he is not purchasing ASForm itself.
  8. Your possession of an unaltered copy of ASForm is your license to use it. No one can take that license away from you if you have not violated these terms of use. Period.

If it happens that you really like ASForm, especially if it helps you to make money, feel free to send a postcard, preferably with a picture of your home town on it, to the address that's all over at http://www.artsackett.com -- and feel free to contact Art Sackett Professional Web Design for your custom CGI application programming needs. ;-)

ASForm is like most other free CGI applications, in that it comes with absolutely no guarantees whatsoever. If it breaks things, you get to keep whatever little pieces might be left. It comes with no support unless you are or are willing to become a client of Art Sackett Professional Web Design. During the beta period for ASForm, feel free to send an email to cgibugs@artsackett.com if you are pretty certain that you've found a bug or need a quick question answered, after checking at http://www.artsackett.com/freebies/asform for a more recent version than the one you have. (The version number will always appear in the output of debug mode and in the headers of mail from ASForm.) Whether or not you hear back from me in a timely fashion, or at all, will be determined by my workload. We all gotta make a living.

ASForm is intended to be about as secure as any similar application can be, but at this time it still won't run with perl's -T flag set. This is mainly because it's time for me to get on with paying work, and will eventually be corrected. As ASForm runs, it is just looking for an excuse to die, and will not allow some of the more common security mistakes to be made. It checks to make sure that it ought to be sending files that are either mailed or returned to the internet user, and it refuses to cooperate if it finds that it lives in a file that is writable by the HTTP ("web") server. Because it does not accept email addresses for form submission report recipients from the web, it is not really very abusable. It does not expose recipients' email addresses on the web for harvesting spambots, and includes a very configurable HTTP_REFERER filter to ensure that other sites can't count on abusing your installation. It is simply not possible for a remote site to use ASForm as a conduit to your SMTP server for spamming -- with the exception of the address accepted from the web for Autoresponder messages, the only possible recipients of mail from ASForm are those you list in your configuration file(s). Because ASForm does not rely upon any Mail Transfer Agent (such as sendmail) it does not expose any security holes that are part and parcel of the "piped open" that has to happen if an MTA is used. ASForm is its own MTA, and talks to the SMTP server itself -- attempts to get a "shell" will end up as email if the transaction completes at all.

As an aid to maintaining security, once ASForm is properly configured, any event that causes a fatal error is handled by rejecting the transaction, returning an error message to the internet user, and sending an email to the webmaster (named in the configuration file(s)) explaining what went wrong. Optionally, if a transaction is rejected because the non-null value of the HTTP environment variable HTTP_REFERER did not match against the filtering you defined, an Abuse Report can be mailed to the webmaster(s). In short, if someone does manage to get into your installation somehow, all it takes is one mistake on their part and you'll hear about it.
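The checks described in the two paragraphs above, sketched in Perl as an added example. This is not ASForm's code: the configuration keys, function names and sample addresses are hypothetical, and the self-check assumes the script runs under the web server's account.

```perl
#!/usr/bin/perl
# Added illustration, not ASForm source; every name here is hypothetical.
use strict;
use warnings;

# Constructed configuration: mail recipients are read only from here.
my %config = (
    recipients    => ['webmaster@example.com'],
    # Anchored, with the trailing slash, so example.com.other.example fails.
    referer_allow => [ qr{^https?://(?:www\.)?example\.com/}i ],
    abuse_report  => 1,
);

# True if the effective UID of this process (assumed to be the web
# server's CGI account) could modify the file the script lives in.
sub script_is_writable { my ($path) = @_; return (-w $path) ? 1 : 0; }

# Returns (accepted, send_abuse_report). A null or absent referer passes;
# only a non-null value matching no allowed pattern is rejected.
# HTTP_REFERER is supplied by the client, so this stops pages on other
# sites from posting here; the fixed recipient list is what limits relaying.
sub check_referer {
    my ($referer, $cfg) = @_;
    return (1, 0) unless defined $referer && length $referer;
    for my $re (@{ $cfg->{referer_allow} }) {
        return (1, 0) if $referer =~ $re;
    }
    return (0, $cfg->{abuse_report} ? 1 : 0);
}

# Any recipient-like field in the submitted form is ignored.
sub recipients_for {
    my ($form, $cfg) = @_;
    return @{ $cfg->{recipients} };
}

# Constructed sample submissions.
my %form = (name => 'A. Visitor', recipient => 'someone@elsewhere.example');
for my $ref ('https://www.example.com/contact.html', '',
             'http://other.example/form.html') {
    my ($ok, $report) = check_referer($ref, \%config);
    printf "%-40s accepted=%d abuse_report=%d\n",
        ($ref eq '' ? '(null)' : $ref), $ok, $report;
}
print "mail goes to: ", join(', ', recipients_for(\%form, \%config)), "\n";
# A CGI would die here instead of printing.
print "self-check: ", (script_is_writable($0) ? "refuse to run" : "ok"), "\n";
```

Run from the account that owns the file, the self-check reports "refuse to run", which is the condition the text says ASForm will not tolerate under the web server's account.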


Features


With all of these features, ASForm is a big dude, but it ought to do what you want done, and without any guesswork or frustrating debugging as so often is required when deploying free CGI applications. If you're reading this because you have downloaded your own copy of ASForm, I hope you find it easy to deploy and powerful enough to meet your needs. Enjoy!



© 1999 - Art Sackett