[cgiapp] Data validation of file uploads

Mark Fuller azfuller at gmail.com
Wed Sep 22 15:52:55 EDT 2010


On Wed, Sep 22, 2010 at 12:42 PM, Nicholas Bamber
<nicholas at periapt.co.uk> wrote:
>
> Please explain how you can dynamically resize an image without looking at
> the entire data in memory.

Hmmm. I don't believe I suggested you could do that.

I was curious why you wanted to do that in memory instead of creating
a temporary file as file uploads usually do.

I thought you said something in your first post or two about wanting
to validate the data before writing to disk. I assumed you were
talking about untainting it. That it really was the data you expected.
So, I was just curious what the risk would be that you're protecting
yourself from (by not letting the file be created before examining the
content)? (Or, maybe that's not what you're trying to accomplish. Then
I wonder again why you don't want to let a file be created.)

It sounds like it's just personal preference? Not that there's a
technical reason to intercept the data before it's written to disk?

Mark