I think I have been completely misunderstood.

Please explain how you can dynamically resize an image without looking at the entire data in memory.

By "Data validation" I assumed that everyone would be using the "Data::FormValidator" and related modules. This class has the concept of "Filters" (cleaning up the data) and "Constraints" (rejecting or accepting the data). The upload modules in this hierarchy (very image oriented) from my reading of their code must be reading in the entire file into memory. If you have an issue with that please take it up with the authors of those modules. My issue was that the way these modules have done it is ghastly and that I was refusing to use those modules.

In principle I can accept that reading an entire file into memory does pose some risks. But the approach to dealing with those risks depends on the circumstances and it does not relate to the question I was asking.

[email protected] wrote:
Message: 1
Date: Mon, 20 Sep 2010 15:11:04 -0700
From: Mark Fuller <[email protected]>
Subject: Re: [cgiapp] Data validation of file uploads
To: CGI Application <[email protected]>
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Sep 20, 2010 at 7:08 AM, Nicholas Bamber <[email protected]> wrote:
* Once processing is finished the data is presumably written to a file or a
database, and the memory can be reclaimed.

Can I ask why you don't want to write the incoming stream to a temp
file the "normal" way?

The only reason I can think of would be security concerns. That it's
highly sensitive data. In that case, it seems like it would be better
to transmit a shared secret to the client through an https connection,
and encrypt the data as it's sent (through javascript?). Or, modify a
copy of cgi.pm or cgi::simple to encrypt the chunked incoming data as
it's written to the temp file.

From something you said earlier, it sounded like you just want to
untaint the data before it's written to disk. If that's all it is, I
don't understand how untainted data written to a temp directory would
be risky.

Mark


------------------------------

_______________________________________________
cgiapp mailing list
[email protected]
http://www.erlbaum.net/mailman/listinfo/cgiapp


End of cgiapp Digest, Vol 36, Issue 8
*************************************
