On 14 Jun, David N. Welton wrote:
> libapreq is a small C library for handling variables and file uploads.
> I don't actually use it as a library, so that people don't have to
> download an extra package.
I'd actually prefer to see the extra package -- so there is no
replication of code like this :) There is a FreeBSD port of libapreq, it
turns out. So I'll let its maintainer know about my patches and modify
the mod_dtcl port to depend on the libapreq port instead of compiling
its own... This way, the same library can be shared between TCL and Perl
users.
However, apreq, IMO, suffers from the same drawback many upload handling
APIs do -- the application only gets access to the file once it is fully
uploaded. This opens the server to DoS attacks and others.
For example, if I only expect JPEG files, I can stop the upload of
something else after the first 512 bytes...
I once wrote a callback-based handler for B. Welch's tclhttpd -- purely
in TCL, but tclhttpd gives you access to the HTTP-connection socket, so
it is easy to bind callbacks to it.
Yours,
-mi
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
