2/1 What is the easiest way to allow people (actually myself) to upload
stuff through my web page? --- clueless
\_ DON'T DO IT.
\_ This may open you up to a lot of security risks; think carefully
when you implement something. How do you want to do it? Do you
want to enter text into a form and then have it available as a
file in an account somewhere?
\_ Don't listen to these idiots. The easiest way is probably
HTTP PUT; see the Apache documentation.
\_ Oh really? So where's a page you wrote that allows
uploads? Post the URL so we can all have fun hacking it.
\_ Why don't you just tell us how to hack HTTP PUT.
\_ "There are few scripts available which implement PUT
handling securely." _Apache Week_, April 4 1997
In concept it _can_ be secure, but it's not an
unrealistic concern; frequently the PUT scripts
have holes, even more than other CGI stuff.
\_ PUT is fairly simple; it is not difficult to write
a secure PUT script. You don't need "many"
scripts available which implement PUT securely,
you only need one.
\_ right, but first you've got to find it. :-)
\_ If you use suexec, it's not hard to
write one. Just make all paths relative
to the document root and disallow ".."
and other funky characters.
\_ YES! suexec is much more secure! We really should run
httpd on soda instead of scotch so that one will not be
able to kill the "nobody" process arbitrarily.
\_ I'm still waiting to see your secure
page. Post the URL when you're ready.
\_ Oh, give it up.
\_ thanks for all your responses. I wanted to do this as a way to
replace ftp to transfer my manifestos:-). The web server is going
to be running only when I need to transfer file and is shut down
the moment the transfer is done. So I guess it does not need to
be too secure. Anyway, the question is now whether I will get
enough clue to find out how to write a minimal script. -- clueless
\_ You must be too sexy to use scp.
\_ No, Jobs is too sexy to have scp developed for mac. |
http://csua.com/feed/