Come for the quick hacks, stay for the epiphanies. | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Keeping it in memory sounds like a good way to go. As stated above, you should probably check that your web server doesn't use temporary files for file uploads. It also avoids another issue: what happens if your program for whatever reason fails before it deletes the file (you'd need a cron job regularly clearing out your temp dir, etc.). While a certain level of paranoia is useful when working with senstive data, to keep myself from getting too paranoid about things I try to remember what the stated security requirements are, and to stay realistic about what any additional countermeasures I implement actually protect against. Just as one example, when using disk encryption, people sometimes seem to forget that as long as those encrypted drives are mounted (which in some cases is all the time), anyone who compromises the running system has access to their contents anyway. So unless you're protecting against the disks being stolen, or people forgetting to wipe them at decomissioning, disk encryption won't help your network security. In reply to Re^2: Security on shared server
by Anonymous Monk
|
|