CGI and temFileName -- uploading files

Discussion in 'Perl Misc' started by ccc31807, Dec 8, 2011.

  1. ccc31807

    ccc31807 Guest

    I have an internal app working on Windows with Apache that munges data
    files and generates reports. It runs inside our firewall, and only
    four people have access. We had a number of these kinds of apps to do
    and limited time, so I took the easy way out (always dangerous, hence
    this post) and used the CGI method tmpFileName() to grab the upload
    file(s), open them, and write the data to memory. The upload files are
    deleted when the script exits, which is fine as we don't need to save
    them on the server.

    The apps don't have any security at all other than restriction to four
    users internal to our local network, and they are in the offices down
    the hall so they are certainly within shouting distance if not
    grabbing distance. I am aware that Bad Things can happen with file
    uploads but am not concerned in general because we are not attached to
    the outside world (no external access to the network).

    Here's the question: is there anything extremely dangerous in doing
    things this way, in view of the fact that we control the server, the
    data, the users, and the interface?

    When I say 'this way' what I mean is that our data file(s) are
    uploaded via an HTML file form upload widget, I capture the OS name
    with tmpFileName, use that as a file handle to open and read the
    contents of the file, close the file, and write the reports to the
    local file system BEFORE THE CGI SCRIPT EXITS! I don't want to save a
    local copy of the input files on the server, and it was easier to do
    it this way rather than writing to a local file, then munging the
    local file before deleting it.

    Thanks, CC.
    ccc31807, Dec 8, 2011
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. dermoon
    Oct 8, 2003
  2. D Borland

    Uploading files using

    D Borland, Sep 28, 2003, in forum: Perl Misc
    Alan J. Flavell
    Sep 29, 2003
  3. darius

    maybe OT: uploading files w/ cgi

    darius, Jul 21, 2004, in forum: Perl Misc
    Jul 21, 2004
  4. cgi uploading files

    , Nov 8, 2005, in forum: Perl Misc
    A. Sinan Unur
    Nov 8, 2005
  5. William

    Uploading 2 files with 1 CGI buffer

    William, Jan 9, 2006, in forum: Perl Misc
    Gunnar Hjalmarsson
    Jan 10, 2006

Share This Page