On Tue, 2 Jul 2002 10:43:22 +0300, [EMAIL PROTECTED] (Octavian Rasnita) wrote:
>Hi all,
>
>Can someone explain why it is necessary to disable the file upload if I use
>CGI.pm?
>
>Of course, if I don't need to upload files with the script.
>
>Is it necessary to do that if I don't have a file upload field?

What if a hacker makes his own "upload form" and puts your cgi-program in there as the target? When your CGI starts to process the incoming post-data, it will probably start accepting the upload to some temp directory, even though you are not asking for it. It takes bandwidth, and could be used as "a denial-of-service" attack.

If you have "Disable_Uploads=1"; then the cgi program will reject the phony form upload data.
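
A CGI.pm handler for a form that has no upload field, as an added example that is not part of the original message. It uses the module's `$CGI::DISABLE_UPLOADS` and `$CGI::POST_MAX` globals and its `cgi_error()` method; the 16 KB limit, the `name` field and the early rejection of multipart requests are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Both globals must be set before the CGI object is created, because
# CGI->new is the call that reads and parses the request body.
$CGI::DISABLE_UPLOADS = 1;          # no file uploads: nothing is stored in the temp directory
$CGI::POST_MAX        = 16 * 1024;  # assumed cap: 16 KB is ample for a small text form

# This script never offers an upload field, so a multipart body is not a
# legitimate request. Checking the header first refuses it before CGI.pm
# parses any of the body (assumption of this example, not a CGI.pm feature).
my $ctype = $ENV{CONTENT_TYPE} // '';
if ($ctype =~ m{^multipart/form-data}i) {
    print "Status: 415 Unsupported Media Type\r\n",
          "Content-Type: text/plain\r\n\r\n",
          "File uploads are not accepted here.\n";
    exit 0;
}

my $q = CGI->new;

# A POST larger than $CGI::POST_MAX leaves the parameter list empty and
# sets cgi_error() to a "413 ..." status string.
if (my $err = $q->cgi_error) {
    print $q->header(-status => $err, -type => 'text/plain'),
          "Request rejected: $err\n";
    exit 0;
}

# 'name' is a hypothetical form field; accept only a short, plain value.
my $name = $q->param('name') // '';
my $safe = $name =~ /\A([\w .-]{1,64})\z/ ? $1 : 'anonymous';

print $q->header(-type => 'text/plain'), "Hello, $safe\n";
```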