You are viewing a plain text version of this content. The canonical link for it is here.

Posted to embperl@perl.apache.org by "Gerhard Egger <gerhard.egger@lindeverlag.at>" <ge...@lindeverlag.at> on 2001/08/01 09:28:25 UTC

Upload-problem with IE

hi all,

when uploading a file using our Embperl script
with a certain browser version (sorry i can't tell which)
the server-request quits with:

[Tue Jul 31 18:05:38 2001] [error] [31481]ERR:  44: Line 1: Setup of
CGI.pm failed: Malformed multipart POST

it works fine with all our (NS- & IE-) browsers, except that one.

Is there a fix?


i'm using 
Embperl 1.3.1
CGI.pm 2.46

	G.


-----
thanks to everyone for their great job doing Embperl,
especially to Gerald.




---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: embperl security info

Posted by Akshay Arora <ak...@5vs1.com>.

I think that most Embperl issues are really just Perl issues. I think
one can avoid most problems by making sure that the user input is
checked for double/single quotes, and backticks. Also I think it is good
if you don't interpolate any user data, by putting the input in double
quotes, or some other perl interpolation/execution method.

I've been a member of an internal web-site at my college that allowed
backticks to go out, and I was allowed to make any shell command as user
www. That should be one of first things to make sure the user can't do.

-Akshay

Jack Cushman wrote:
> 
> Hi--
> 
> I have been doing final security checks before bringing a website live --
> making sure that users can't manually enter post data to see things they
> shouldn't. My employer is naturally curious about any security issues that
> tend to aflict embperl/mod_perl/cgi. While we have followed common sense
> procedures as far as trusting user data, it would be nice if there was an
> article that discussed security holes so we could make sure we haven't
> missed anything. Are there any resources that you have found particularly
> helpful?
> 
> Thanks,
> Jack Cushman
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

embperl security info

Posted by Jack Cushman <jc...@avatartechnology.com>.

Hi--

I have been doing final security checks before bringing a website live --
making sure that users can't manually enter post data to see things they
shouldn't. My employer is naturally curious about any security issues that
tend to aflict embperl/mod_perl/cgi. While we have followed common sense
procedures as far as trusting user data, it would be nice if there was an
article that discussed security holes so we could make sure we haven't
missed anything. Are there any resources that you have found particularly
helpful?

Thanks,
Jack Cushman


---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Upload-problem with IE 2

Posted by Gerald Richter <ri...@ecos.de>.

> Embperl 1.3.1

You should also upgrade Embperl to 1.3.3, because 1.3.3 handles errors in
CGI.pm much better

Gerald



---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Upload-problem with IE

Posted by "Gerhard Egger <gerhard.egger@lindeverlag.at>" <ge...@lindeverlag.at>.

that worked, thank you!

Gerhard


On Wed, 1 Aug 2001, Gerald Richter wrote:

> >
> > [Tue Jul 31 18:05:38 2001] [error] [31481]ERR:  44: Line 1: Setup of
> > CGI.pm failed: Malformed multipart POST
> >
> 
> That is handled by CGI.pm and the error message is from CGI.pm, so maybe
> upgrading CGI.pm to a newer version may help...
> 
> Let me know if this solves your problem
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: Upload-problem with IE

Posted by Gerald Richter <ri...@ecos.de>.

>
> [Tue Jul 31 18:05:38 2001] [error] [31481]ERR:  44: Line 1: Setup of
> CGI.pm failed: Malformed multipart POST
>

That is handled by CGI.pm and the error message is from CGI.pm, so maybe
upgrading CGI.pm to a newer version may help...

Let me know if this solves your problem

Gerald


-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------




---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org