[Info-vax] HTTP and HTML File Upload Basics (was: Re: OSU server: upload script)
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Tue Oct 20 15:05:55 EDT 2020
On 2020-10-20 17:32:08 +0000, Phillip Helbig (undress to reply) said:
> Does anyone have a basic DCL script which, when called as a script by
> the web server, can upload a file from the browser machine to the server
> machine?
CGI doesn't get used for this. A CGI-based fetch as you're likely
envisioning here would be routinely blocked by network firewalls, among
other details.
What follows is a basic HTTP file upload discussion, one of many around
the 'net:
https://stackoverflow.com/questions/8659808/how-does-http-file-upload-work#8660740
Here's another related HTTP file upload discussion, with a live demo included:
https://www.w3schools.com/howto/howto_html_file_upload_button.asp
And somewhat more advanced, do not allow the user to provide a
filename, and do not allow execute access within the upload
directories. Particularly beware polyglot files; files an incautious
user might think harmless can be executables.
https://security.stackexchange.com/questions/116819/beside-gifar-are-there-any-other-known-polyglot-files
Open and insecure uploads can be quickly filled with warez and worse,
particularly if a remote user can then download the content.
--
Pure Personal Opinion | HoffmanLabs LLC
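
The upload precautions named in the message above (no user-supplied filename, no execute access on stored files, polyglot awareness), sketched in Python as an added example that is not part of the original post. The image-only allow-list, the size limit and the signature list are assumptions chosen for illustration.

```python
import os
import secrets

# Assumed policy for this sketch: images only, identified by leading magic bytes.
ALLOWED_MAGIC = {
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
}
# Signatures of other formats that have no business inside an image. A GIFAR,
# for instance, is a valid GIF with a ZIP/JAR archive appended to it.
# Heuristic only: a chance match in image data is possible and gets rejected.
FOREIGN_SIGNATURES = (b"PK\x03\x04", b"PK\x05\x06", b"\x7fELF")
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def store_upload(data: bytes, client_filename: str, upload_dir: str) -> str:
    """Validate an upload and store it under a server-chosen name."""
    # client_filename is accepted only so it can be ignored: neither its
    # path components nor its extension influence where the file lands.
    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")
    ext = next((e for m, e in ALLOWED_MAGIC.items() if data.startswith(m)), None)
    if ext is None:
        raise UploadRejected("type not on the allow-list")
    if any(sig in data for sig in FOREIGN_SIGNATURES):
        raise UploadRejected("embedded foreign file signature (possible polyglot)")
    path = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite; mode 0o600 sets no execute bits.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    import tempfile
    gif = b"GIF89a" + b"\x00" * 32          # constructed sample input
    with tempfile.TemporaryDirectory() as d:
        print(store_upload(gif, "../../index.php", d))
```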