[Openfontlibrary] ccHost compression
Dave Crossland
dave at lab6.com
Tue Nov 4 14:17:16 PST 2008
2008/11/4 Brendan Ferguson <drsassafras at gmail.com>:
>
> I imagine that even if the files are set for download, they will be
> interpreted.
That's not my understanding; please test it out and see :-)
> Probably. But you will not be able to view any of the images any more, the
> browser would be treating them like text. :(
I think with extensions and the "file" command we can reliably detect
images as images and have them displayed instead of for download :-)
> have to put them in our own server config files. They are not universally
> accepted in .htaccess files.
That's not a problem with our hosts.
> Another option [so] if someone got something
> ugly up on to the server, and they did some how have execution permissions,
> they would not know what file to call.
This seems tricky and error prone, and just not worth it :-)
I agree with Ben: Download-as-dumb-data combined with ccHost's
existing file-verification capabilities seems adequate - we'll just
not accept uploaded HTML files, only plain text, and not allow any
uploaded file to be executed by Apache :-)
What is tricky, is having version control on the files - so if a user
uploads a new version of a file, ie a file with the same file name, it
won't make the previous version disappear, but also won't create a new
URL for that file.
I think it would be best to move this conversation to the ccHost
developer mailing list, so Victor can comment :-)
More information about the Openfontlibrary
mailing list