I want to give users the option to upload one or more modest-sized files to my site which can then form part of their "personal" space. In principle all I want to do is what the Monastery does with Monk images. My question is, is this a security minefield or not?
So far as I can see, it's not. Because when I save the files from my CGI script, I can make sure they are chmod
to 555 or less. So this is just an inert file (of a defined maximum size, otherwise I didn't accept it) sitting on my hard drive.
If somebody else downloads it and then opens it, I can see that might give them trouble, and ideally I'd like to be able to disinfect the files when they arrive on my hard drive, for protection of others. But caveat emptor
is the bottom line, and my main aim is to be certain the files aren't going to do anything to me
. And I'm not quite certain.
Can any sibling monk think of a way to mess me up by uploading a file to my site under the conditions I've described?<
§ George Sherston
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||