[Openfontlibrary] ccHost compression

Ben Weiner ben at readingtype.org.uk
Tue Nov 4 07:47:05 PST 2008


Hi,

Dave Crossland wrote:
> 2008/11/3 Brendan Ferguson <drsassafras at gmail.com>:
>   
>> Getting the
>> file onto the server is the first big step in launching an attack.
>>     
>
> We can set the webserver to send files for download, so neither the
> webserver nor webbrowser will interpret them.
>
> So could we accept all files, but make them only for download, and
> tell site visitors to report problems to us if there are dodgy files?
>
> http://www.thingy-ma-jig.co.uk/blog/06-08-2007/force-a-pdf-to-download
> explains how to do this for *.pdf files in a case insensitive,
> cross-browser way.
>   

This download-as-dumb-data policy, combined with ccHost's 
file-verification capabilities, seems adequate to me. I do see the 
potential for attacks based on the contents of an upload, but why should 
we accept uploaded HTML files and why should we allow any uploaded file 
to be executed by Apache?

I believe what is needed is this:

- accept upload as either loose files or an archive (.tgz, .zip, perhaps 
.7zip and .bzip)
- if this is a new typeface, create a directory for it inside the user's 
directory
- unarchive everything once the archive has been uploaded, *replacing 
any files with the same name*

And then have download links for each individual file and a .tgz (or 
perhaps better a .zip) for the whole directory.

That's different in detail to what ccHost does right now, but it's 
compatible in spirit. It also leaves the way open for access via special 
URLs for package maintaining scripts or whatever with no need for human 
intervention.

Cheers,
Ben
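
The unpack-and-replace step proposed in the message above, as an added example that is not part of the original message and is not ccHost code: it unpacks a .zip into the typeface directory, overwrites same-name files, and refuses members that would land outside that directory or that are not on an allow-list. The function names, the suffix allow-list, the size cap and the sample archive are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import Path, PurePosixPath

# Assumed allow-list (not from the thread): font sources and plain-text docs only.
ALLOWED_SUFFIXES = {".ttf", ".otf", ".sfd", ".txt"}
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # assumed cap on total unpacked size


def unpack_typeface(archive_bytes, user_dir, typeface):
    """Unpack a .zip into user_dir/typeface, replacing same-name files.

    Returns (written, rejected) lists of archive member names.
    """
    if typeface in {"", ".", ".."} or PurePosixPath(typeface).name != typeface:
        raise ValueError("typeface must be a single directory name")
    target = (Path(user_dir) / typeface).resolve()
    target.mkdir(parents=True, exist_ok=True)
    written, rejected, total = [], [], 0
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            parts = PurePosixPath(name).parts
            # Unix mode bits live in the top 16 bits; 0o120000 marks a symlink.
            is_symlink = (info.external_attr >> 16) & 0o170000 == 0o120000
            dest = target.joinpath(*parts).resolve()
            if (name.startswith("/") or ".." in parts or is_symlink
                    or not dest.is_relative_to(target)
                    or dest.suffix.lower() not in ALLOWED_SUFFIXES):
                rejected.append(info.filename)
                continue
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                raise ValueError("archive expands beyond the size cap")
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(zf.read(info))  # replaces an existing file of that name
            written.append(name)
    return written, rejected


def sample_upload():
    """Constructed sample archive: two acceptable files, two that must be refused."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("MyFont.ttf", "docs/README.txt", "../escape.ttf", "index.html"):
            zf.writestr(name, b"new " + name.encode())
    return buf.getvalue()
```

Rejected member names are returned rather than silently dropped, so the upload page can report them to the submitter.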

