cocoon-dev mailing list archives

From Stefano Mazzocchi <stef...@apache.org>
Subject Re: [heads-up] Updated upload system and fixed a bunch of security issues
Date Fri, 04 Apr 2003 17:34:23 GMT
Vadim Gritsenko wrote:
> Stefano Mazzocchi wrote:
> ...
> 
>> Anyway, I also fixed a number of security issues. Most notably:
>>
>>  1) uploaded files are saved on disk by default (and web.xml has been 
>> changed accordingly) as a temporary storage.
>>
>>  2) uploaded files saved on disk are removed right at the end of the 
>> request. This assumes that you will handle the uploaded files yourself 
>> and the upload-dir is only used as a temporary media. [This might 
>> break back-compatibility on behavior, but I think it's a very sane 
>> thing to clean up after your own mess]
>>
>>  3) I added a new servlet configuration parameter that disables 
>> uploading completely. And defaults to off for security reasons.
>>
>>  4) I also changed 'allow-reload' to false as default.
>
> +1 to changes. Minor comment: status.xml, changes.xml, 
> src/documentation/xdocs/installing/updating.xml

You got me there :)

One question: what's up with this status.xml/changes.xml/todo.xml? Can 
we finally decide which one to use and adapt the doc-building system to it?

-- 
Stefano.


