On Thu, Mar 7, 2013 at 6:35 AM, Thorsten Moeller <[email protected]>wrote:
> Hi, > > i am creating a writestream on a server connection event using a path join > of a fix path and a variable for the filename. As the filename is not known > on server connection event (sent later via connection data event) , it is > empty and therefore not working afterwards, producing errors (connot open > file). > Be *very* careful about using any filename, or portion of a filename, that was provided to you by a client. Using that as part of a filename or path on the server is a potentially major security hole, and best avoided. I'd agree with greelgorke that using a temp file on the server is a better approach. If you need to retain a mapping between uploaded data and a client filename, do that elsewhere (e.g. a database), and not by trying to use the same file system naming and / or structure as the client. -- Martin Cooper Is there a way to handle this more dynamically?? Perhaps creating the > stream first like an global object and later set the filename and then > using the stream via something like a method??? > > > Regards > > Thorsten > > -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
