PerlMonks
Security issues for CGI file upload
by rob_au (Abbot) on Jan 18, 2002 at 20:31 UTC ( [id://139851]=perlquestion )
rob_au has asked for the wisdom of the Perl Monks concerning the following question:
In a chatterbox discussion earlier this evening, Chrisf and myself were discussing potential security issues with CGI file upload scripts. After a bit of discussion involving the use of temporary files, the main points of which I have covered previously here, I put together the following block of code - Note that this code is not considered to be a complete example, but merely sufficient to highlight the elements of the CGI upload interface discussed.
Now while any form of file system interaction via a CGI interface is going to come with a number of inherent security concerns, are there any other immediate concerns which should be addressed in a script similar to that above? Any and all suggestions for the tightening and/or improvement of this code process, particularly from a security point of view, are welcomed.
perl -e 's&&rob@cowsnet.com.au&&&split/[@.]/&&s&.com.&_&&&print'