Add Web-based Uploading to Your Website With UploadForm
Audience: All customers
Web-based forms are nothing new to most webmasters. In fact, forms that utilize form-to-email gateways, such as Internet Connection's MailForm, are quite commonly used as a way to gather information from your site's visitors. Some cases may arise where the information you want to receive cannot be provided in a text input field. Sometimes you may want to allow the people filling out your forms to send you information in a file.
Examples of where HTTP-based uploading could be used:
- accept resume submissions (.doc, .txt, .html files)
- allow members of a discussion board to submit images that they can include in their posts
- build a dynamic family album where family members can upload photographs that can be included into HTML pages via a CGI script
However, this sort of HTTP-based uploading, where anonymous users have write permissions on your account, can create security vulnerabilities. A malicous user could theoretically abuse a HTTP-based upload system a number of ways:
- by uploading several gigabytes of files, using up disk space which
causes problems for not only your own site, but also all other
sites on the server
- by uploading and executing files containing code designed to cause
harm to your files or the server
UploadForm, a package available for our Linux and Solaris hosting
customers through the netConsole, and for our Windows hosting customers
via the Internet Connection Webmaster Tools area, provides a secure way for you to allow your visitors to upload files to your site.
UploadForm has features, modified through a configuration file, that reduce the possibility that the HTTP-upload process could be abused:
- File Type Restriction - allows you to specify what types of files, by extension, can be uploaded, For example, if you want to only accept Microsoft Word documents, you can configure UploadForm to only permit files with the .doc extension to be uploaded.
- File Size Restriction - allows you to specify the maximum file size for each file uploaded.
In addition to these security features, UploadForm also offers Filename Collision Protection by giving each newly-uploaded file a unique name. This prevents accidental overwriting by multiple users uploading a file of the same name.
UploadForm can be easily installed using 2 methods:
In both cases, users may alter the script's security configuration by editing the options.inc file included with the package.
Windows 2000-based hosting
customers, download the UploadForm package from Internet Connection's Webmaster Tools Area.
For more information on this new package, please visit the UploadForm Support Documentation
To see a demonstration of the UploadForm, please visit the Product Demos page