On Fri, 3 Feb 2017, at 12:39 PM, Bryan Davis wrote: > If you write the contents and then chmod there is a small race > condition introduced where the data might be visible to another > user/process. To make sure that others can not see the file contents > you should: > * create an empty file: touch( $file ) [0] > * make the file readable only by the web server process: chmod( $file, > 0600 ) [1] > * write the token to the file: file_put_contents( $file, $token ) > > Obviously adjust for the proper functions if your implementation > language is not PHP. > > You should probably also cron some periodic cleanup function to purge > files that might be leaked in the case of an unhandleable error in > your uploader process. In my opinion it would be easier to use a > database table. :) >
Fixed. And I'll add some error checking for hung jobs. Thanks! _______________________________________________ Labs-l mailing list Labs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/labs-l