Re: (OT) accepting user files online

by Fletch (Bishop)
on Feb 27, 2006 at 20:50 UTC


in reply to (OT) accepting user files online

When dealing with web security you can never be too paranoid (that's what THEY want you to think; but perhaps I've said too much . . .).

That said, it really depends on what kind of files they are and what you're doing with them. Image files of some sort (JPGs, PNGs), probably not an issue. HTML that could possibly contain malicious JavaScript that you're going to display to other users, that you might go over more carefully.

Update: Oop, good point about the PNG buffer overflow; good thing I weaseled and said "probably". :)

Replies are listed 'Best First'.
Re^2: (OT) accepting user files online
by fizbin (Chaplain) on Feb 27, 2006 at 21:26 UTC
    Image files of some sort (JPGs, PNGs), probably not an issue.

    Because, of course, we know that there are never occasions where a buffer overflow in an image processing library affects common client web browsers. That being said, I'm not sure how exactly one checks for stuff like this when the underlying libraries one wishes to use may contain unknown buffer overflows or other exploit-enabling coding errors themselves.

    --
    @/=map{[/./g]}qw/.h_nJ Xapou cets krht ele_ r_ra/; map{y/X_/\n /;print}map{pop@$_}@/for@/
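
An added example, not code from any post in this thread: one way to decide what kind of file an upload really is from its leading bytes, ignoring the client-supplied name and Content-Type, and to bound PNG dimensions before any image library sees the data. The PNG/JPEG allowlist, the 8192-pixel limit and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed policy: only these types are accepted, identified by content.
my %MAGIC = (
    png  => "\x89PNG\r\n\x1a\n",
    jpeg => "\xFF\xD8\xFF",
);
my $MAX_DIM = 8192;    # assumed upper bound on width and height

# Return the detected type, or undef if the bytes match no allowed format.
sub sniff_type {
    my ($bytes) = @_;
    for my $type (sort keys %MAGIC) {
        my $sig = $MAGIC{$type};
        return $type if substr($bytes, 0, length $sig) eq $sig;
    }
    return;
}

# Decide whether to accept an upload. The client-supplied filename and
# Content-Type are deliberately not consulted.
sub check_upload {
    my ($bytes) = @_;
    my $type = sniff_type($bytes) or return (0, 'not an allowed image type');
    if ($type eq 'png') {
        # After the 8-byte signature: chunk length, tag, width, height.
        return (0, 'truncated PNG header') if length($bytes) < 24;
        my ($len, $tag, $w, $h) = unpack 'N a4 N N', substr($bytes, 8, 16);
        return (0, 'first chunk is not IHDR') unless $tag eq 'IHDR' && $len == 13;
        return (0, 'implausible dimensions')
            if $w == 0 || $h == 0 || $w > $MAX_DIM || $h > $MAX_DIM;
    }
    return (1, $type);
}

# Constructed sample inputs, not real uploads.
my %samples = (
    'html named cat.png' => "<html><script>alert(1)</script></html>",
    'png 16x16' => $MAGIC{png} . pack('N a4 N N', 13, 'IHDR', 16, 16) . "\x08\x06\0\0\0",
    'png huge'  => $MAGIC{png} . pack('N a4 N N', 13, 'IHDR', 0xFFFFFFFF, 1) . "\x08\x06\0\0\0",
    'jpeg'      => "\xFF\xD8\xFF\xE0" . ("\0" x 16),
);
for my $name (sort keys %samples) {
    my ($ok, $why) = check_upload($samples{$name});
    printf "%-20s %s (%s)\n", $name, $ok ? 'accept' : 'reject', $why;
}
```

A check like this only rejects files that are not what they claim to be or that declare extreme dimensions; it does not find unknown bugs in the decoder that later parses an accepted file.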
