comment on

Keeping it in memory sounds like a good way to go. As stated above, you should probably check that your web server doesn't use temporary files for file uploads.

It also avoids another issue: what happens if your program for whatever reason fails before it deletes the file (you'd need a cron job regularly clearing out your temp dir, etc.).

While a certain level of paranoia is useful when working with senstive data, to keep myself from getting too paranoid about things I try to remember what the stated security requirements are, and to stay realistic about what any additional countermeasures I implement actually protect against.

Just as one example, when using disk encryption, people sometimes seem to forget that as long as those encrypted drives are mounted (which in some cases is all the time), anyone who compromises the running system has access to their contents anyway. So unless you're protecting against the disks being stolen, or people forgetting to wipe them at decomissioning, disk encryption won't help your network security.

In reply to Re^2: Security on shared server by Anonymous Monk
in thread Security on shared server by derekstucki

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Come for the quick hacks, stay for the epiphanies.
	PerlMonks