Support from Internet Connection

Add Web-based Uploading to Your Website With UploadForm

Sent: 2003/10/23
Audience: All customers

Web-based forms are nothing new to most webmasters. In fact, forms that utilize form-to-email gateways, such as Internet Connection's MailForm, are quite commonly used as a way to gather information from your site's visitors. Some cases may arise where the information you want to receive cannot be provided in a text input field. Sometimes you may want to allow the people filling out your forms to send you information in a file.

Examples of where HTTP-based uploading could be used:

However, this sort of HTTP-based uploading, where anonymous users have write permissions on your account, can create security vulnerabilities. A malicous user could theoretically abuse a HTTP-based upload system a number of ways: UploadForm, a package available for our Linux and Solaris hosting customers through the netConsole, and for our Windows hosting customers via the Internet Connection Webmaster Tools area, provides a secure way for you to allow your visitors to upload files to your site.

UploadForm has features, modified through a configuration file, that reduce the possibility that the HTTP-upload process could be abused:

In addition to these security features, UploadForm also offers Filename Collision Protection by giving each newly-uploaded file a unique name. This prevents accidental overwriting by multiple users uploading a file of the same name.

UploadForm can be easily installed using 2 methods:

In both cases, users may alter the script's security configuration by editing the options.inc file included with the package. Windows 2000-based hosting customers, download the UploadForm package from Internet Connection's Webmaster Tools Area. For more information on this new package, please visit the UploadForm Support Documentation. To see a demonstration of the UploadForm, please visit the Product Demos page.
www.internetconnection.net 2004-2005 ©