[Info-vax] HTTP and HTML File Upload Basics
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Tue Oct 20 15:37:13 EDT 2020
On 2020-10-20 19:11:34 +0000, Arne Vajh��j said:
> On 10/20/2020 3:05 PM, Stephen Hoffman wrote:
>> On 2020-10-20 17:32:08 +0000, Phillip Helbig (undress to reply said:
>>> Does anyone have a basic DCL script which, when called as a script by
>>> the web server, can upload a file from the browser machine to the server
>>> machine?
>>
>> CGI doesn't get used for this. A CGI-based fetch as you're likely
>> envisioning here would be routinely blocked network firewalls, among
>> other details.
>
> ????
>
> I belive he is asking for:
>
> browser---(POST of file)---web server---CGI script---disk file
>
> That is very much possible.
Note that I did not state that scripting an upload was impossible, and
please see previously-linked resources around using POST for secure
file uploads.
> And the firewall will most likely not even know that the target URL is
> a CGI script.
And I'm here assuming that this was for "sort of the equivalent of
anonymous FTP" and a "basic DCL script" for the upload, hence my links
to using POST.
If the DCL script is running an FTP CGI as was suggested, it'll both be
insecure, and it'll be blocked by firewalls on all but wide-open
networks.
And absent webserver extensions or local support for it, DCL is just
bad dealing with POST data, having run afoul of that (lack of) support
before.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list