Re^2: CGI file upload: Print to filehandle vs move file

Hi rowdog,
Thanks for your reply and for confirming that moving the file makes sense. However, I'm not sure I fully understand the connection to the code and the denial of service attack in your post - reading the file into memory would be exactly what I don't want to do anyway, right? I would simply use the 'rename' command to move the whole file without ever looking at it (at least at the upload stage - later of course I will do some checks as explained in my reply above).

Thanks.

Comment on Re^2: CGI file upload: Print to filehandle vs move file

Replies are listed 'Best First'.
Re^3: CGI file upload: Print to filehandle vs move file by rowdog (Curate) on Oct 20, 2009 at 02:52 UTC
Sorry, my post wasn't really so clear. The off-topic point was that setting binmode on a filehandle and then calling readline on it (`<$upload_filehandle>`) slurps the entire file into RAM, which is bad if you run out of RAM. The real point was that, if you don't need to process the file as it comes in, it's much faster to just rename it. I would probably solve this problem by renaming the temp file but I second dhoss's suggestion to look at CGI::Upload before you decide.	[reply] [d/l]

Replies are listed 'Best First'.

Re^3: CGI file upload: Print to filehandle vs move file
by rowdog (Curate) on Oct 20, 2009 at 02:52 UTC

Sorry, my post wasn't really so clear. The off-topic point was that setting binmode on a filehandle and then calling readline on it (<$upload_filehandle>) slurps the entire file into RAM, which is bad if you run out of RAM.

The real point was that, if you don't need to process the file as it comes in, it's much faster to just rename it. I would probably solve this problem by renaming the temp file but I second dhoss's suggestion to look at CGI::Upload before you decide.

[reply]
[d/l]