[Seaside] Newbie alert: file uploads, etc.

Bill Schwab BSchwab at anest.ufl.edu
Tue Jul 8 00:55:35 UTC 2008


Thanks for the replies!  I'm glad to hear that uploads of such file
sizes are expected to work.

One other question about uploads: security implications.  Are there any
risks of someone uploading an executable or maliciously crafted document
and subsequently tricking a proxy server into executing/parsing it?  I
ask in part because I can envision having links to download the
full-text files, which would (perhaps) mean putting them where a proxy
server can see them.  I assume one would want to do that to prevent
loading the Squeak/Pharo image.  I am largely willing to assume that
Seaside and Comanche would be fairly immune to such attacks.  Any
pointers on staying out of trouble would be greatly appreciated.  My
current project is not all that demanding on the security front.  I want
it closed to prying eyes (no sense helping the competition), need
certain features protected from well-intentioned tinkering by colleagues
who don't understand BibTeX, and don't dare leave the host open to
attack.  I _think_ an authentication task will have the first two
covered.  That said, I hope to move on to things that really have to be
secure.

Stef, can you help me out with a link to citezen?  So far, I have gotten
many hits, none of which are identifiable as what I think you are
describing.  My parser is very informal, and I have been willing to make
simple edits to create syntax it can read.  However, I might choose to
wrap something that does a very good job.  Worst case, I could leave a
hole for doing so, and release the rest of the system.  It would be a good
idea to actually write it first though :)

Bill





Wilhelm K. Schwab, Ph.D.
University of Florida
Department of Anesthesiology
PO Box 100254
Gainesville, FL 32610-0254

Email: bschwab at anest.ufl.edu
Tel: (352) 846-1285
FAX: (352) 392-7029
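
One way to approach the upload concern raised in this message, as an added example that is not part of the original post or of Seaside: store each file under a server-chosen name in a directory the front-end server treats as static data only, and hand it out as a download. It is written in Python to stay independent of any Seaside API; the extension allowlist and the function names are assumptions.

```python
import hashlib
import os

# Assumption: the bibliography only needs these full-text formats.
# Each allowlisted extension maps to the leading bytes that format must have.
ALLOWED = {".pdf": b"%PDF-", ".ps": b"%!PS"}


def store_upload(upload_dir, client_name, data):
    """Store an upload under a server-chosen name and return that name.

    The client-supplied name is used only to pick an allowlisted extension,
    never as a path, so traversal sequences and double extensions such as
    'paper.php.pdf' cannot influence where or how the file is stored.
    The leading-bytes check rejects mislabelled files; it does not prove
    that a document is well-formed or harmless to parse.
    """
    ext = os.path.splitext(client_name)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None or not data.startswith(magic):
        raise ValueError("rejected upload: %r" % client_name)
    stored = hashlib.sha256(data).hexdigest() + ext
    path = os.path.join(upload_dir, stored)
    try:
        # No execute bit; O_EXCL refuses to write through an existing entry.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    except FileExistsError:
        return stored  # identical content is already stored
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return stored


def download_headers(display_name):
    """Response headers that make a browser save the file, not render it."""
    kept = [c for c in display_name
            if c.isascii() and (c.isalnum() or c in "._-")]
    safe = "".join(kept).lstrip(".") or "file"
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": 'attachment; filename="%s"' % safe,
        "X-Content-Type-Options": "nosniff",
    }
```

The upload directory should sit outside any location where the front-end server runs script handlers, so the stored files are only ever read as bytes.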


