while (<$upload_fh>) {
    $file_contents .= $_;
}
[download]

The users need to "know" that the file has been deleted. I don't want them claiming I'm keeping their files. Now we're back to policy over implementation though.

"Do not upload files that you view as private or proprietary"

I'll keep banging out some ideas. Thanks.

I think you're right, atlantageek. This is really a question of social engineering and trust. If you call it "convert" or "process", rather than "upload" I bet 99% of folks wouldn't have an issue with it.

If it were me, I'd just write it so that the subroutines I use to do the conversion unlink() the files right after processing. Maybe you could write a sub that opens and prints the document (with the correct mime-type, of course) to tbe browser, and as its last action it unlinks the file. (Don't forget binmode if you're on windows) As long as the user doesn't press "stop" and the download of the converted document completes, you should have no record of the file being there, and it's essentially a download once system.

-Any sufficiently advanced technology is
indistinguishable from doubletalk.

I appears to me that your question is not so much as to how to handle the conversion but how to present your product or service to your users. In this sense, I think you need to really ask yourself, "What is the goal of my file conversion service?"

First, if you are not going to be providing this service for classified documentation then you don't really need to worry about what the end user thinks the security of their files are. Like you stated, we all know that transmission over http is insecure. So, maybe you need to look at developing a terms of service agreement that will release you of any liabilites including copyright and patent rights that the end user may claim to have for using your service. In this sense then you can worry about the disk space problems and clean up yourself that a simple cron job or perl script can solve.

However, if you are going to offer a corporate level solution then a free iDisk idea is perhaps the best idea. But dont try to make your users feel safe. Use the appropiate security measures such as secure http and ssl.

This decision lies in your hands. "Keep it simple. Enlightenment will come to you as long as your motivation is true."

Good Hunting,
kha0z

"I want to add the capability of having the users upload a file from their local system to the server for conversion (limited by $maxsize, of course). The hitch here is that I need to provide a way for the users to be able to delete the file from the server after they've uploaded it.

Have you considered using webdav for uploading/deleting of files ?

Webdav is supported by Apache and IIS (among others) and allows clients to upload files, change or delete them. Internet explorer is a webdav client and works ok with Apache webdav, just do a File/open, indicate the webdav url and check "open as web folder".

After that, users can drag and drop files into that folder, as if it where a common folder.

You could even put perldav to god use :-)