Security issue in Iliad FileHandler ?


Security issue in Iliad FileHandler ?

Steven Costiou
Hi,
while developing with Iliad, I thought of something, maybe I'm wrong
but still:

when we upload a file with ILFileHandler, the file is first stored in
the Smalltalk image before it is physically written in the server's
hard drive (speaking for Pharo and Squeak, no idea how gst does work).

What happens if I have a session that lasts long enough to upload a
very big file, with a size larger than the maximum RAM capacity
allowed to the Smalltalk VM ?

I'd say the server (or more specifically the virtual machine) crashes.

Two points though :

- I'm no web expert, maybe it's the responsibility of the web developer
to manually control the size of files that a user can upload
- Still, if he forgets that and if a user can upload a very large file
without being stopped by the end of his session, it can make the VM
crash (which will kill every open session for sure!)

What do you think about that ?

Maybe I'm just saying stupid things, but I was thinking about that and I
didn't have time to try it out =p

Re: Security issue in Iliad FileHandler ?

Nicolas Petton
On Monday 6 September 2010 21:04:57, Steven Costiou wrote:

> Hi,
> while developing with Iliad, I thought of something, maybe I'm wrong
> but still:
>
> when we upload a file with ILFileHandler, the file is first stored in
> the Smalltalk image before it is physically written in the server's
> hard drive (speaking for Pharo and Squeak, no idea how gst does work).
>
> What happens if I have a session that lasts long enough to upload a
> very big file, with a size larger than the maximum RAM capacity
> allowed to the Smalltalk VM ?

Hi Steven,

You're probably right, I'll see if there is an easy solution to this problem.
Maybe using the stream from the request directly in ILFileProxy would do it.

Anyway, for large file uploads I would use a more robust solution than
Smalltalk.

Cheers,
Nico
--
Nicolas Petton
http://www.objectfusion.fr
Objectfusion S.A.R.L.
Applications web - Design
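
The mitigation discussed in this thread (reading from the request stream directly instead of holding the whole upload in the image, and limiting the accepted size) can be sketched as a bounded chunked copy. This is an added example for a Pharo/Squeak workspace, not part of the original posts and not Iliad code: `copyBounded` is a hypothetical helper, and the in-memory streams are constructed stand-ins for the request body stream and the destination file stream.

```smalltalk
"Added example, not Iliad code. copyBounded is a hypothetical helper name.
 It copies from a read stream to a write stream in fixed-size chunks, so at
 most one chunk is held at a time, and it aborts once the byte limit is passed."
| copyBounded source sink accepted rejected |
copyBounded := [:in :out :limit |
	| total chunk |
	total := 0.
	[in atEnd] whileFalse: [
		"Read at most 4096 bytes; the last chunk may be shorter."
		chunk := in next: 4096.
		total := total + chunk size.
		"Refuse before writing the chunk that crosses the limit."
		total > limit ifTrue: [Error signal: 'Upload exceeds size limit'].
		out nextPutAll: chunk].
	total].

"Constructed sample input: a 10000-byte body standing in for the request stream."
source := ReadStream on: (ByteArray new: 10000).
sink := WriteStream on: ByteArray new.

"Limit above the body size: the copy completes and answers the byte count."
accepted := copyBounded value: source value: sink value: 1048576.

"Limit below the body size: the copy stops after two chunks and the error
 handler answers the message text instead of exhausting memory."
source := ReadStream on: (ByteArray new: 10000).
sink := WriteStream on: ByteArray new.
rejected := [copyBounded value: source value: sink value: 8192]
	on: Error
	do: [:e | e messageText].

Transcript show: accepted printString; cr; show: rejected printString; cr.
```

In a real handler the partially written file would also need to be deleted when the limit is exceeded.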