[Seaside] Newbie alert: file uploads, etc.
stephane ducasse
stephane.ducasse at free.fr
Tue Jul 8 06:46:36 UTC 2008
On Jul 8, 2008, at 2:55 AM, Bill Schwab wrote:
> Thanks for the replies! I'm glad to hear that uploads of such file
> sizes are expected to work.
>
> One other question about uploads: security implications. Are there any
> risks of someone uploading an executable or maliciously crafted document
> and subsequently tricking a proxy server into executing/parsing it? I
> ask in part because I can envision having links to download the
> full-text files, which would (perhaps) mean putting them where a proxy
> server can see them. I assume one would want to do that to prevent
> loading the Squeak/Pharo image. I am largely willing to assume that
> Seaside and Comanche would be fairly immune to such attacks. Any
> pointers on staying out of trouble would be greatly appreciated. My
> current project is not all that demanding on the security front. I want
> it closed to prying eyes (no sense helping the competition), need
> certain features protected from well-intentioned tinkering by colleagues
> who don't understand BibTeX, and don't dare leave the host open to
> attack. I _think_ an authentication task will have the first two
> covered. That said, I hope to move on to things that really have to be
> secure.
>
> Stef, can you help me out with a link to citezen? So far, I have gotten
> many hits, none of which are identifiable as what I think you are
> describing. My parser is very informal, and I have been willing to make
> simple edits to create syntax it can read. However, I might choose to
> wrap something that does a very good job. Worst case, I could leave a
> hole for doing so, and release the rest of the system. It would be a good
> idea to actually write it first though :)
citezen on Squeaksource.
Stef
>
>
> Bill
>
> Wilhelm K. Schwab, Ph.D.
> University of Florida
> Department of Anesthesiology
> PO Box 100254
> Gainesville, FL 32610-0254
>
> Email: bschwab at anest.ufl.edu
> Tel: (352) 846-1285
> FAX: (352) 392-7029