tags:

views:

88

answers:

1
+1  Q: 

CGI -- Temporary files

Hello! I'm developing a little CGI application (in C, with CGIC, http://www.boutell.com/cgic/). My application needs to create a temporary file (the user upload an images, it is saved, modified in various ways, and then shown back to the user).

What precautions should I take while creating temporary files?

The modified image is provided dynamically by a CGI script which then removes the tempfile from disk:

Something like that: <html><head><title>here's your modified image</title></head><body><img src="cgi-bin/genimage.cgi?uid=5423423 /></body>

However a malicious user could upload an image and never request the modified image, so filling the hard disk.

Should I remove periodically unused files?

Many thanks!

A: 

Using CGI for direct application design is questionable -- i.e., not a web-framework/app-engine. I would suggest using Java for your image manipulation, or wrap it in lua or python or something.

If you continue with C make sure you put restrict the CGI execution environment, put it in a jail, check this post out for some inspiration, here is another one.

Hassan Syed  2010-01-07 19:05:47

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS