comment on

Some random issues to watch out for:

If you can, make sure that only people you allow may upload (for instance, by requiring authentication via the server)
Make sure the file system doesn't fill up. You could for instance disable uploading if there's less than some amount of space on the disk (you probably should set this in a BEGIN block).
Disabling scripts in the data directory is not enough, if that dir is directly accessible via the server - people can upload php, asp, jsp pages (even server config files), or malicious client side scripts.
Watch out for malicious file names!
Use taint mode! (perl -wT) - in my view this should be mandatory for any CGI script.
As you are running on windows, use binmode on the data file handles.

"What should it profit a man, if he should win a flame war, yet lose his cool?"

In reply to Re: Security Uploading Files by Joost
in thread Security Uploading Files by bkiahg

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.