use the ajax librairie for upload and active the javascript into the formulaire and control all the variables to the upload it's nice way <anonymous> Le lundi 04 octobre 2010 Ã 14:23 -0400, Pito Salas a Ãcrit : > I was having a debate with a friend of mine. Can you clear this up? > > Is it true that I can do an http post to any apache/httpd server and > get it to upload a file? It would seem like an application should give > permission, or at least that httpd could be configured so that an > application needs to give permission. > > In other words: > > <form action="http://gmail.com/"; method="post" multipart="yes"> > <input type="file" name="big"/> > <input type="submit" value="go"/> > </form> > > Will the server accept and process all the gazillion bits of the file > even if no application has said it wants it? > > I know it's probably a dumb question (he says it is) but it seems to > be such a big opening for a DOS attack that I can't believe it's > possible. > > Thanks for any insights (or references where the answer is explained) > > - Pito > -- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
|