From: John P. Looney (jplooney-ilug at domain online.ie)
Date: Tue 16 May 2000 - 14:02:47 IST
On Tue, May 16, 2000 at 05:50:05AM -0700, Michael Turley mentioned:
> I suppose that the question I should have asked is how
> friendly, documented is the C API?
> Speaking of file uploads, I was going to allow people
> to upload multipart files (CVs!).
I still haven't gotten it uploading stuff properly. It's horrid. I've to
use redirections & sub-pages to get it working. That said, if you are just
using a single form, with a single file, it's OK. I actually have written
a CV collection system for AOLserver (just takes a job, name, email & CV
file) - about a few hours work for a newbie.
> I know it might appear silly but I got scared because I didn't
> understand the security implications. What are the type of things you
> should consider when dealing with uploaded files as opposed to other
> form data? Is there a difference? Would there be an advantage of
> inserting the files into a database (say, Oracle) as opposed to leaving
> them hanging around in the filesystem?
If you are scared of someone getting a file off the filesystem, then you
should be more worried about someone deleting the database etc.
Also, sticking big things in a database is a bad idea. After all, the
Linux filesystem is one of the best optimised databases for large datasets
> The only thing that I am aware of is that you would need to virus scan
> uploaded Microsoft Office docs before disseminating them from our Unix
> server to the LAN.
That's easier if it's a file on the filesystem.
-- "The fool must be beaten with a stick, for an intelligent person the merest hint is sufficient" -- Zen Master Greg