I want to give users the option to upload one or more modest-sized files to my site which can then form part of their "personal" space. In principle all I want to do is what the Monastery does with Monk images. My question is, is this a security minefield or not?

So far as I can see, it's not. Because when I save the files from my CGI script, I can make sure they are chmod to 555 or less. So this is just an inert file (of a defined maximum size, otherwise I didn't accept it) sitting on my hard drive.

If somebody else downloads it and then opens it, I can see that might give them trouble, and ideally I'd like to be able to disinfect the files when they arrive on my hard drive, for protection of others. But caveat emptor is the bottom line, and my main aim is to be certain the files aren't going to do anything to me. And I'm not quite certain.

Can any sibling monk think of a way to mess me up by uploading a file to my site under the conditions I've described?<

§ George Sherston

---

---

• Are you posting in the right place? Check out Where do I post X? to know for sure.
• Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:

  <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>

• Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
• Want more info? How to link or How to display code and escape characters are good places to start.