cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vadim Gritsenko <>
Subject Re: [heads-up] Updated upload system and fixed a bunch of security issues
Date Fri, 04 Apr 2003 16:01:02 GMT
Stefano Mazzocchi wrote:

> Anyway, I also fixed a number of security issues. Most notably:
>  1) uploaded files are saved on disk by default (and web.xml has been 
> changed accordingly) as a temporary storage.
>  2) uploaded files saved on disk are removed right at the end of the 
> request. This assumes that you will handle the uploaded files yourself 
> and the upload-dir is only used as a temporary media. [This might 
> break back-compatibility on behavior, but I think it's a very sane 
> thing to cleanup after your own mess]
>  3) I added a new servlet configuration parameter that disables 
> uploading completely. And defaults to off for security reasons.
>  4) I also changed 'allow-reload' to false as default.

+1 to changes. Minor comment: status.xml, changes.xml, 


View raw message