cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vadim Gritsenko <>
Subject Re: cocoon-view as possible security problem?
Date Fri, 21 Mar 2003 19:04:42 GMT
Tony Collen wrote:

>On Fri, 21 Mar 2003, Geoff Howard wrote:
>>>Is it? With in-memory upload you can get to OutOfMemory exceptions and
>>>potentially corrupt cocoon instance. With file uploads, you can create
>>>100Mb file systems which you can fill up but you won't disturb
>>>functionality of the server. I don't see how in-memory uploads are more
>>>secure; I see them as *less* secure.
>>Well, in combination with the max-upload-size parameter (or whatever it's
>>called) I felt that better.  If I can cause the request to ignore multipart
>>files bigger than xMB, that seems to mitigate the risk.  But that's worth
>>some discussion.  My worry with autosaving all files is 1) I can purposely
>>fill up your hard drive, given time. 2) Could a user more clever than I
>>create a POST request that would cause a file to be placed somewhere other
>>than the upload dir?

>The uploaded file only exists on the filesystem for the duration of the
>script, and if you want to actually save it, you need to move the temp
>file into a directory.  As soon as the script is done executing, PHP
>automatically removes the temporary file.  This seems to work out just
>fine, and I haven't seen any bad security problems with it so far.

Any takers to implement enhanced autosave-uploads parameter? Values 
could be:

false or no - ignore uploads
memory - save in memory
temp - save onto disk, remove when processing is finished
true or disk - save onto disk, don't remove


View raw message