It is not -necessary- to disable file uploads, it's just a good idea, provided that no uploads are required by your application. If you leave the upload option on and also don't use a POST_MAX to limit the size of uploads, a malicious cracker (hey, now that would be a good band name - "Malicious Cracker") might be able to cause you a buffer overflow problem.
Scot R. inSite -----Original Message----- From: Octavian Rasnita [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 02, 2002 2:43 AM To: [EMAIL PROTECTED] Subject: Disabling file uploads? Hi all, Can someone explain why it is necessary to disable the file upload if I use CGI.pm? Of course, if I don't need to upload files with the script. Is it necessary to do that if I don't have an file upload field? Thank you. Teddy Center: http://teddy.fcc.ro/ Mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.372 / Virus Database: 207 - Release Date: 6/20/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.372 / Virus Database: 207 - Release Date: 6/20/2002 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
