Re: CGi parameters lost
From: James (turajbNOSPAM_at_hoflink.com)
Date: Wed, 18 Feb 2004 05:15:19 GMT
"Damu Zhang" <firstname.lastname@example.org> wrote in message
> We are having a CGI issue, our clients send parameters via form POST, but
> sporadically the values turn be to empty, and it happened all of sunden
> since early last week. Anyone has the same issue?
Yeah, see it all the time where I work... Bet you are using IE & you have
installed that latest IE cumulative security upgrade patch [Released early
Feb '04]. We have found that a side effect of this patch is sporadic posts
where no data is made. In some case it appears the connection times out by
the browser immediately after clicking the button. Don't seem to know a way
around it; but know how to suppress it effect in some windows systems.
Netscape browsers is unaffected, just IE users after they installed that new
Here is the important part of what we tell our customers at work about this
issue & is just about as much as we know at this time...
... It appears a side effect of applying this recent critical update has
caused many IE browsers fail to correctly post data within some html forms
to the scripts on servers. Netscape browser users are unaffected by this
recent IE patch.
Difficulties with Internet Explorer are also likely caused by Microsoft's
patch for Internet Explorer, as it can alter your security settings,
restrict the browser to allow only certain types of login methods & fail to
post info from a web page to some servers.
Microsoft said the IE update [Cumulative Security Update for Internet
Explorer (KB832894)] eliminates three vulnerabilities, including a
URL-spoofing flaw being exploited by scammers. Details of the URL-spoofing
flaw have been circulating for several months and, Microsoft explained that
the IE patch released in February 2004 would return error messages on Web
sites that use/allow clear text to authenticate user names and passwords.
Microsoft's Internet Explorer (IE) modification to fix security holes in the
browser could disrupt e-commerce sites that use/allow clear text to
authenticate user names and passwords. A lead product manager in
Microsoft's Windows division said that e-commerce Web sites that use/allow
clear text for authentication may will return an "invalid syntax error" on
Web pages once a user applies the IE patch. That's because the updated
browser will remove support for handling user names and passwords in both
HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs. The withdrawn
support for clear text authentication effectively provides a workaround for
the URL-spoofing flaws that are commonly used by scammers to mask fake sites
and trick users into giving up sensitive information including credit card
and social security numbers.
In advance & response of the patch, Microsoft made the unusual move of
releasing a knowledge base article to provide details and workarounds for
applications and Web site developers that still use clear text
For maximum compatibility with our system, we recommend that you set the
following in IE to resolve some common issues.
Microsoft's patch for Internet Explorer may have altered your security
settings. You should do the following to reset them:
- open IE,
- click Tools
- click Internet Options.
In the 'Security' tab, reset the levels for each zone to the program's
default. This is done by clicking a zone icon & then clicking the 'Default
Level' button. Repeat for each zone icon.
The zone levels should look like this when you are done:
Internet - medium
Local intranet - medium-low
Trusted sites - low
Restricted sites - high
In the 'Privacy' tab, reset level to the program's default. This is done by
clicking the 'Default' button. This should set the slider to medium.
In the 'Advanced' tab, at the bottom of that window, all check boxes should
be checked under Security section, except for "Do not save encrypted pages
to disk", "Empty Temporary Internet Files folder when browser is closed",
and optionally "Warn if changing between secure and not secure mode".
Make sure you click "Apply" and "OK". Then, reboot the computer so the full
changes can take effect.
NOTE: This may no fix the posting issues with all IE browsers. If you
continue to see this situation happening, refreshing the existing page you
are on may get the browser to post the data to the script correctly. Some
clients have reported that uninstalling/disabling the above noted patch has
fixed the issue. Additionally switching to the Netscape browser is known to
fix the problem 100%.
Currently Microsoft has not yet issues a patch/fix to this situation &
because it is out of our hands, we can only make some suggestions as slight
workarounds. Hopefully Microsoft will issue a patch to fix the issue during
their next normal patch release cycle. ...
I hope this helps...
-- James turajbNOSPAM@hoflink.com (Remove NOSPAM When Emailing)