DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=32145>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=32145 use a secure delete if the file is written to the disk ------- Additional Comments From [EMAIL PROTECTED] 2004-11-10 18:28 ------- martin, I certainly agree that what I propose is not the perfect solution. But I contend it to be without much burden on anyone (e.g. consumption of processing power) "a lot more secure by default". A lot of people get commons-fileupload.jar as part of struts or another package and never bother to even read any documentation about it. Your recommendation about even higher security achievable is certainly a good one, but as long http://jakarta.apache.org/commons/fileupload/customizing.html is rather empty, certainly only VERY FEW people are doing it. So, an exposure during processing time of a few (milli)seconds as opposed to months of residing on a disk and possibly even being found during disposal by totally unrelated third parties IS a difference. Agreed, quite some disclaimers would have to go with it, but I think for the little cost it incurs, it is a first step in the right direction worthwhile to take. (at least offer it as a configurable option) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
