CGi parameters lost

[Damu Zhang]

We are having a CGI issue, our clients send parameters via form POST, but
sporadically the values turn be to empty, and it happened all of sunden
since early last week. Anyone has the same issue?

 

[Tad McClellan]

We are having a CGI issue,

Then you are in the wrong newsgroup.

We discuss Perl here in the Perl newsgroup.

They discuss CGI over in the CGI newsgroup:

comp.infosystems.www.authoring.cgi

 

[Gregory Toomey]

We are having a CGI issue, our clients send parameters via form POST, but
sporadically the values turn be to empty, and it happened all of sunden
since early last week. Anyone has the same issue?

Yes, it happens to me every Monday.

gtoomey

 

[Alan J. Flavell]

Yes, it happens to me every Monday.

You've got an error on line 37.

SCNR

 

[Uri Guttman]

AJF> You've got an error on line 37.

please to be updating your version of PSI::ESP. it is clearly an error
on line 42.

uri

 

[James]

We are having a CGI issue, our clients send parameters via form POST, but
sporadically the values turn be to empty, and it happened all of sunden
since early last week. Anyone has the same issue?

Yeah, see it all the time where I work... Bet you are using IE & you have
installed that latest IE cumulative security upgrade patch [Released early
Feb '04]. We have found that a side effect of this patch is sporadic posts
where no data is made. In some case it appears the connection times out by
the browser immediately after clicking the button. Don't seem to know a way
around it; but know how to suppress it effect in some windows systems.
Netscape browsers is unaffected, just IE users after they installed that new
patch.

Here is the important part of what we tell our customers at work about this
issue & is just about as much as we know at this time...
-------------------------------------------------------------
.... It appears a side effect of applying this recent critical update has
caused many IE browsers fail to correctly post data within some html forms
to the scripts on servers. Netscape browser users are unaffected by this
recent IE patch.

Difficulties with Internet Explorer are also likely caused by Microsoft's
patch for Internet Explorer, as it can alter your security settings,
restrict the browser to allow only certain types of login methods & fail to
post info from a web page to some servers.

Microsoft said the IE update [Cumulative Security Update for Internet
Explorer (KB832894)] eliminates three vulnerabilities, including a
URL-spoofing flaw being exploited by scammers. Details of the URL-spoofing
flaw have been circulating for several months and, Microsoft explained that
the IE patch released in February 2004 would return error messages on Web
sites that use/allow clear text to authenticate user names and passwords.

Microsoft's Internet Explorer (IE) modification to fix security holes in the
browser could disrupt e-commerce sites that use/allow clear text to
authenticate user names and passwords. A lead product manager in
Microsoft's Windows division said that e-commerce Web sites that use/allow
clear text for authentication may will return an "invalid syntax error" on
Web pages once a user applies the IE patch. That's because the updated
browser will remove support for handling user names and passwords in both
HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs. The withdrawn
support for clear text authentication effectively provides a workaround for
the URL-spoofing flaws that are commonly used by scammers to mask fake sites
and trick users into giving up sensitive information including credit card
and social security numbers.

In advance & response of the patch, Microsoft made the unusual move of
releasing a knowledge base article to provide details and workarounds for
applications and Web site developers that still use clear text
authentication.
(http://support.microsoft.com/default.aspx?scid=kb;[LN];834489)

For maximum compatibility with our system, we recommend that you set the
following in IE to resolve some common issues.

Microsoft's patch for Internet Explorer may have altered your security
settings. You should do the following to reset them:

- open IE,
- click Tools
- click Internet Options.

In the 'Security' tab, reset the levels for each zone to the program's
default. This is done by clicking a zone icon & then clicking the 'Default
Level' button. Repeat for each zone icon.

The zone levels should look like this when you are done:

Internet - medium
Local intranet - medium-low
Trusted sites - low
Restricted sites - high

In the 'Privacy' tab, reset level to the program's default. This is done by
clicking the 'Default' button. This should set the slider to medium.

In the 'Advanced' tab, at the bottom of that window, all check boxes should
be checked under Security section, except for "Do not save encrypted pages
to disk", "Empty Temporary Internet Files folder when browser is closed",
and optionally "Warn if changing between secure and not secure mode".

Make sure you click "Apply" and "OK". Then, reboot the computer so the full
changes can take effect.


NOTE: This may no fix the posting issues with all IE browsers. If you
continue to see this situation happening, refreshing the existing page you
are on may get the browser to post the data to the script correctly. Some
clients have reported that uninstalling/disabling the above noted patch has
fixed the issue. Additionally switching to the Netscape browser is known to
fix the problem 100%.

Currently Microsoft has not yet issues a patch/fix to this situation &
because it is out of our hands, we can only make some suggestions as slight
workarounds. Hopefully Microsoft will issue a patch to fix the issue during
their next normal patch release cycle. ...

 

[Phil Connors]

We are having a CGI issue, our clients send parameters via form POST, but
sporadically the values turn be to empty, and it happened all of sunden
since early last week. Anyone has the same issue?

Yeah, see it all the time where I work... Bet you are using IE & you have
installed that latest IE cumulative security upgrade patch [Released early
Feb '04]. We have found that a side effect of this patch is sporadic posts
where no data is made. In some case it appears the connection times out by
the browser immediately after clicking the button. Don't seem to know a way
around it; but know how to suppress it effect in some windows systems.
Netscape browsers is unaffected, just IE users after they installed that new
patch...

Even though this post got toasted a bit earlier, I'm glad you responded as you did. I have
a client who about once every two months has an order with incomplete information.
In a way that it could not be the customer who is messing it up. If this is not the
answer, it's a very good clue.

Thanks for the post.

cheers

 

[James]

We are having a CGI issue, our clients send parameters via form POST, but
sporadically the values turn be to empty, and it happened all of sunden
since early last week. Anyone has the same issue?

Yeah, see it all the time where I work... Bet you are using IE & you have
installed that latest IE cumulative security upgrade patch [Released early
Feb '04]. We have found that a side effect of this patch is sporadic posts
where no data is made. In some case it appears the connection times out by
the browser immediately after clicking the button. Don't seem to know a way
around it; but know how to suppress it effect in some windows systems.
Netscape browsers is unaffected, just IE users after they installed that new
patch...

Even though this post got toasted a bit earlier, I'm glad you responded as you did. I have
a client who about once every two months has an order with incomplete information.
In a way that it could not be the customer who is messing it up. If this is not the
answer, it's a very good clue.

Thanks for the post.

cheers

With additional research time today by our staff today has located an
offical Microsoft patch which fixes this IE issue. It apears it was
released on 02/07/04. After extensive testing of the patch, we have foudnt
his patch doe sinfact work to fix the issue.

Here is what we are sending out to our known clients which have this
problem.
---------------------------------------------------------------------
As currently known, the new IE patch [Cumulative Security Update for
Internet Explorer (KB832894)] which released in early Feb '04 may cause
faults in some user's IE browsers when working with our SSL secure servers.

The identified issue causes errors when Internet Explorer attempts to renew
a connection to a server. Typically seen when doing a POST to a CGI script,
but it does not send any data to our SSL secured servers. You should apply
the below patch if you receive errors connecting to our servers after you
have applied the Q832894 security update to Internet Explorer or if you are
seeing unusual behavior in our secured administration areas.

The patch can be downloaded from:
http://www.microsoft.com/downloads/...28-5053-48A7-8526-BD38215C74B2&displaylang=en

In addition, for maximum compatibility with our system, we recommend that
you set the following in IE before applying the above patch to resolve
most common IE browser issues.

Microsoft's patches for Internet Explorer may have altered the browser's
security settings. You should do the following to reset them:

- open IE,
- click Tools
- click Internet Options.

In the 'Security' tab, reset the levels for each zone to the program's
default. This is done by clicking a zone icon & then clicking the 'Default
Level' button. Repeat for each zone icon.

The zone levels should look like this when you are done:

Internet - medium
Local intranet - medium-low
Trusted sites - low
Restricted sites - high

In the 'Privacy' tab, reset level to the program's default. This is done by
clicking the 'Default' button. This should set the slider to medium.

In the 'Advanced' tab, at the bottom of that window, all check boxes should
be checked under

Security section, except for "Do not save encrypted pages to disk", "Empty
Temporary Internet Files folder when browser is closed", and optionally
"Warn if changing between secure and not secure mode".

Be sure to click "Apply" and then "OK".

Reboot the computer so the full changes can take effect.

 

[Phil Conners]

news:[email protected]...

With additional research time today by our staff today has located an
offical Microsoft patch which fixes this IE issue. It apears it was
released on 02/07/04. After extensive testing of the patch, we have foudnt
his patch doe sinfact work to fix the issue.

This should fix your issue in full. It has for all of our customers thus
far & with our windows desktops at work.

Thanks for the update!
I just got another call today from this client complaining that part of the data to a
transaction was missing. I plan on talking with him about an email to all clients.

Thanks again!

- Way OT, Way helpful. You put the misc in comp.lang.perl.MISC!

 

[James]

Thanks for the update!
I just got another call today from this client complaining that part of the data to a
transaction was missing. I plan on talking with him about an email to all clients.

Thanks again!

- Way OT, Way helpful. You put the misc in comp.lang.perl.MISC!

Thanks for the comment. I simply post on issues I know the most about &
know I can answer correctly (I still got a lot to learn, but I try... .
This one I can safely state that I know more then I probably needed to
about.

At my job, with the huge number of clients we support & types of business
they are, it was imperative we find a solution ASAP to fix this situation.
We simply could not believe the number of clients this was effecting; so
finding a fix or workaround to this issue became priority one a few days ago
for our IT staff. Our handful of support techs got flooded with helpdesk
issues on this situation. I'm just glad Microsoft has officially recognized
this issue as a true problem this time around & rolled out a patch for it.
With some past IE updates, we noted the same symptoms, but Microsoft noticed
it as a true problem & simply kept telling our company it was with all of
our clients computers (typical M$ BS - pawn off the problems/blame due to a
crappy patch onto the user). Anyway, I hope that helps.. If your client's
issue is truely is what I think it is, then this should fix the problem in
full.