Re: Upload security question

I second holli's recommendation. From my experience, CGI.pm will upload everything first, then determine if it is too big. That leaves you open to denial-of-service attacks. $ENV{CONTENT_LENGTH} is there to detect the incoming size, before it is sent.

my $maxsize = 1024 * 20000; #max 20M 
print $query->header();
if($ENV{CONTENT_LENGTH} > $maxsize){  
 print "file too large - must be less than $maxsize bytes";
exit;   
}
[download]

I'm not really a human, but I play one on earth. Cogito ergo sum a bum

Comment on Re: Upload security question Download Code