upload.cgi
Jedi Knight
posted
I'm trying to add a simple file upload page to a website and I found a PERL based CGI script to handle the job (See Link). I got it running properly and it works great. The problem is that I don't know much about PERL/CGI and I'm wondering if I'm introducing a vulnerability to the site?

I also read that PHP might be a better way to go than CGI, but I haven't found the appropriate scripts yet.

My other option is just to create a special ftp user for uploads, but it is far easier to direct someone to a webpage to upload a file.

Any thoughts, comments, suggestions would be appreciated.

Thanks,
Brian
 
Posts: 237 | Registered: June 10, 2002
Guru
Jack Beckman
posted
The instructions give your upload directory open availability to the world, including execute! The permissions should be 666, not 777 if you ask me. That grants read and write but NOT execute. Better would be 662, and make the web server user not a member of the group or the owner, so it can only write to the directory.


===
Professor Hubert Farnsworth: “Nothing is impossible. Not if you can imagine it. That’s what being a scientist is all about.”
Cubert J. Farnsworth: “No, that’s what being a magical elf is all about.”

 
Posts: 5470 | Location: Sterling Heights, Mi | Registered: January 25, 2004
Jedi Knight
posted
Jack, thanks for your input.

I changed the upload directory to 666 and the upload failed.

And as for changing users/groups, I don't have that much access. I'm limited to the vdeck interface my host provides. Besides, I'm at about the limits of my knowledge on this stuff. It is probably better that I don't implement this and just go with adding an FTP user.
 
Posts: 237 | Registered: June 10, 2002
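
An added example (not part of the thread or of the linked script): on a directory the execute bit means "search", and creating a file inside it needs both write and search, which is consistent with the failed upload reported after the change to 666. The Python sketch below decodes the directory modes mentioned in the thread and audits a directory on disk; the names `dir_rights` and `audit_upload_dir` and the comparison mode 1733 are assumptions of this example.

```python
import os
import stat

CLASSES = {"owner": 6, "group": 3, "other": 0}  # bit shift per permission class

def dir_rights(mode, who="other"):
    """Decode what one permission class may do in a DIRECTORY with this mode."""
    bits = (mode >> CLASSES[who]) & 0o7
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    return {
        "list": r,          # read the names stored in the directory
        "enter": x,         # search bit: reach files inside by name
        "create": w and x,  # adding or deleting entries needs write AND search
    }

def audit_upload_dir(path):
    """Return (octal mode string, findings) for an upload directory on disk."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if not any(dir_rights(mode, who)["create"] for who in CLASSES):
        findings.append("no class can create files here, so uploads will fail")
    other = dir_rights(mode, "other")
    if other["create"]:
        findings.append("accounts outside owner and group can add files")
        if not mode & stat.S_ISVTX:
            findings.append("no sticky bit: those accounts can also delete "
                            "or replace files they do not own")
    if other["list"]:
        findings.append("accounts outside owner and group can list file names")
    return format(mode, "o"), findings

if __name__ == "__main__":
    # Constructed sample: the three modes from the thread, plus 1733 for comparison.
    for m in (0o777, 0o666, 0o662, 0o1733):
        print(format(m, "04o"), {who: dir_rights(m, who) for who in CLASSES})
```

The mode of each uploaded file is a separate matter: it is set by the script and its umask when the file is created, not by the directory's bits.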
© MacGroup-Detroit 2016
