Opened at 2010-08-14T20:57:22Z
Last modified at 2011-09-26T20:28:14Z
#1176 new defect
webapi should avoid using plaintext temporary file for uploads — at Version 1
| Reported by: | davidsarah | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | soon |
| Component: | code-frontend-web | Version: | 1.8β |
| Keywords: | confidentiality | Cc: | |
| Launchpad Bug: |
Description (last modified by davidsarah)
In ticket:990#comment:17, davidsarah wrote:
warner wrote:
The upload-side webapi server will still put large (>100kB) plaintext files on disk (in an anonymous tempfile),
Perhaps it should be using EncryptedTemporaryFile?
On closer examination I think the relevant code is in twisted.web.http, so that might be easier said than done.
Change History (1)
comment:1 Changed at 2010-08-14T20:57:58Z by davidsarah
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
