I was having a debate with a friend of mine. Can you clear this up? Is it true that I can do an http post to any apache/httpd server and get it to upload a file? It would seem like an application should give permission, or at least that httpd could be configured so that an application needs to give permission. In other words: <form action="http://gmail.com/"; method="post" multipart="yes"> <input type="file" name="big"/> <input type="submit" value="go"/> </form> Will the server accept and process all the gazillion bits of the file even if no application has said it wants it? I know it's probably a dumb question (he says it is) but it seems to be such a big opening for a DOS attack that I can't believe it's possible. Thanks for any insights (or references where the answer is explained) - Pito -- Check out http://www.salas.com and http://www.blogbridge.com/look --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|