... getting the info I need...
Is this info you need also sensitive? If so, have you thought about how you're going to secure that once you've parsed it? If not, why does the sensitive information need to be uploaded in the first place, if it's just going to be discarded?
The file should be protected by the OS file permissions while it exists...
Are you sure, have you checked? Many web servers make their files accessible to everyone.
Security is such a vast topic that it's hard to give any good answer without knowing a whole bunch of factors, just a few of which are: what web server and OS you're running on, how sensitive the information is and what steps are supposed to be taken with it, what attacks you are attempting to protect against, and so on.
To start with, based on what you've written so far, it might be better to just keep the file in memory - as long as you're sure the web server doesn't use temporary files for uploads?
This should be obvious, but I hope you're using HTTPS?
If this information is so sensitive that you're worried about the "deleted files may theoretically be recovered" issue, then you really shouldn't be working on a system which (I'm assuming) you don't fully control in the first place.
From your posting history: parsing XML with a regex, attempting to roll your own date/time calculations, passing form variables into system() - these things are fine for quick scripts (except maybe the system() thing) but not considered good practice for production systems, especially robust ones that are also supposed to handle sensitive data. It's great you're working with Perl and I mean this constructively: I hope you've invested some time into reading a good book or two on modern Perl and the Web before working on security-critical things.
In reply to Re: Security on shared server
by Anonymous Monk
in thread Security on shared server
by derekstucki
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |