[Seaside] Newbie alert: file uploads, etc.

stephane ducasse stephane.ducasse at free.fr
Tue Jul 8 06:46:36 UTC 2008


On Jul 8, 2008, at 2:55 AM, Bill Schwab wrote:

> Thanks for the replies!  I'm glad to hear that uploads of such file
> sizes are expected to work.
>
> One other question about uploads: security implications.  Are there any
> risks of someone uploading an executable or maliciously crafted document
> and subsequently tricking a proxy server into executing/parsing it?  I
> ask in part because I can envision having links to download the
> full-text files, which would (perhaps) mean putting them where a proxy
> server can see them.  I assume one would want to do that to prevent
> loading the Squeak/Pharo image.  I am largely willing to assume that
> Seaside and Comanche would be fairly immune to such attacks.  Any
> pointers on staying out of trouble would be greatly appreciated.  My
> current project is not all that demanding on the security front.  I want
> it closed to prying eyes (no sense helping the competition), need
> certain features protected from well-intentioned tinkering by colleagues
> who don't understand BibTeX, and don't dare leave the host open to
> attack.  I _think_ an authentication task will have the first two
> covered.  That said, I hope to move on to things that really have to be
> secure.
>
> Stef, can you help me out with a link to citezen?  So far, I have gotten
> many hits, none of which are identifiable as what I think you are
> describing.  My parser is very informal, and I have been willing to make
> simple edits to create syntax it can read.  However, I might choose to
> wrap something that does a very good job.  Worst case, I could leave a
> hole for doing so, and release the rest of the system.  It would be a good
> idea to actually write it first though :)

citezen on Squeaksource.

Stef
>
>
> Bill
>
> Wilhelm K. Schwab, Ph.D.
> University of Florida
> Department of Anesthesiology
> PO Box 100254
> Gainesville, FL 32610-0254
>
> Email: bschwab at anest.ufl.edu
> Tel: (352) 846-1285
> FAX: (352) 392-7029