> I've seen why it is a good idea to deny uploading files on the server if
> this is not necessary using CGI.pm.
>
> Well, what happends if someone tries to upload a file on the server with a
> fake form, if I am not using CGI.pm in that script?
If the true form is within your site, then, you can
check where the form comes from by $ENV{HTTP_REFERER}.
This carries where the form's address is submitted from.
More accurate, that telling where this script was activated
by.
>
> Will the server try to upload the file?
Do you mean the file will out going from your server ? or
do you mean the acceptance of file uploading from a fake
form ? Both of case are depends on how you define them.
>
> Who is responsable for uploading? CGI.pm? Any script?
>
Of cause, the client's browser respond for this. =)
Just kidding, for uploading a file, you will have to write
<form .... enctype=application/x-www-form-urlencoded>
Then the request will be known as with a file attached.
Even though most of time, I won't use CGI.pm, but for receive
a uploading file, I will use it.
Rgds,
Connie
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
