Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: Getting CGI to name a file it returns

by cLive ;-) (Prior)
on Jul 20, 2001 at 22:19 UTC ( [id://98485]=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Getting CGI to name a file it returns
in thread Getting CGI to name a file it returns

Apologies, I left out full details, but assumed from mentioning 'temp dir' that that was implied.

1) if you chmod the temp dir 777, that's not a major issue(if you have no control over server) - security, see below

2) that was why I mentioned temp - sorry, implied, but not stated

3) just run a clean up on if every now and then to remove files older than x minutes... (also removes any files that can be theoretically placed there by other users)

Funnily enough, I have to do this myself now, and I'm using a session cookie and piping the file from above the web root. But that seemed quickest at the time. So I'll be trying the QS version out...

TIMTODI ;)

cLive ;-)

  • Comment on Re: Getting CGI to name a file it returns

Replies are listed 'Best First'.
(Guildenstern) Re: Re: Getting CGI to name a file it returns
by Guildenstern (Deacon) on Jul 20, 2001 at 22:55 UTC
    I don't really see where this is a better solution than what's been suggested. There's a lot of overhead involved in copying, not to mention the fact that you'll need extra code to clean whatever directory you're temporarily storing the files in. If the files are left in temp for any length of time, then you're running the risk of unauthorized users being able to acces the file.

    In the situation I have at work, we have to verify that users are allowed to access files. We went through several ideas before settling on a CGI that takes advantage of Content-Disposition.
    1. Idea #1 - Put the file storage into web space.
      • Requires some nasty messing with .htaccess files and the such.
      • Inherent security issues of putting things in web space that don't belong there.
    2. Idea #2 - Copy each file into a temp area as it's requested and create a link on the fly.
      • Aforementioned security issues
      • Our files are large. The I/O overhead of copying multi-megabyte files all over the file system wasn't very attractive.
      • Collision. We have files with the same name spread out over different projects. Sure, we could add numbers and such to the copied file name, but our users have told us that's not a good solution.
    3. Idea #3 - Use a CGI process to access files in the filesystem and send them directly to the browser.
      • Quick, painless, and practically void of the problems mentioned above.


    Guildenstern
    Negaterd character class uber alles!
[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://98485]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (3)
As of 2024-04-24 00:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found