[Pmwiki-users] File upload feature discussion

Davis, James C. jdavis at cob.tamucc.edu
Mon Nov 18 16:56:22 CST 2002


Yeah, the symlinks thing wouldn't work if the original could be changed. I
would be suspicious too of something that is snooping around doing things to
my data that could be hazardous. I know that pmwiki will have a size limit,
but I just know how people are when they max out disk space limits. I
constantly get the question, "why can't I keep every email ever received
since 1997?" This comes from people who max out the 1GB of space I give them
for their mailbox. Thinking back to the idea of training users not to do
stupid stuff, maybe pmwiki should do this: check to see if the same version
of a file already exists when uploading, and alert the user with an option
to cancel. Anyways, from this discussion I have come up with this:

********

Proposed solution: associate files with groups only

This would minimize redundancy, but still make it easy to link files into a
page.

********


> 1.  I expect that file upload will generally be configured as a
"privileged" 
>     operation to begin with; i.e., it's unlikely that a sane PmWiki 
>     installation would allow "just anyone" to upload files as attachments.

>     The potential for misuse and liability (virus, warez) is just too
great.


It seems the point of the upload feature is mainly to allow images the be
uploaded right? Maybe pmwiki should examine the file that a user attempts to
upload and reject it if it is not in a valid image format. Then, you could
be more flexible about who can upload files. (and no I don't mean just
looking at the file extension)

James Davis
Network Manager
College of Business
Texas A&M University - Corpus Christi
(361) 825-5926
jdavis at cob.tamucc.edu


-----Original Message-----
From: Patrick R. Michaud [mailto:pmichaud at sci.tamucc.edu]
Sent: Monday, November 18, 2002 4:27 PM
To: Davis, James C.
Cc: 'pmwiki-users at pmichaud.com'
Subject: RE: [Pmwiki-users] File upload feature discussion


On Mon, 18 Nov 2002, Davis, James C. wrote:

> > I agree that redundancy is bad, but it's not something that PmWiki can
> > (or should) prevent.  What is better is to come up with mechanisms that
> > encourage the right behaviors at the user interface level.
> 
> I don't know if I agree that it can't prevent it, but should it is an
> interesting question. How much do you value your disk space?  

Oh, a fair bit, actually.  But I've made some other assumptions regarding
the upload feature that I haven't officially restated since starting
the conversation:
1.  I expect that file upload will generally be configured as a "privileged"

    operation to begin with; i.e., it's unlikely that a sane PmWiki 
    installation would allow "just anyone" to upload files as attachments.  
    The potential for misuse and liability (virus, warez) is just too great.
2.  The upload feature will undoubtedly allow the administrator to set
    per-file and sitewide size limitations on the amount of uploaded 
    materials.

> Sure, space is getting cheaper all the time, but the amount of 
> information to be stored is growing even faster. 

I'm not so sure I agree with this last point.  My experience is that 
increases in storage capacity are outpacing our data generation and 
organization capability.  

> I think
> I will have to create a redundancy checker that runs as a chron job and
> replaces redundant files with sym links. Maybe this is how it should be.

I think that anytime the system "automatically cleans things up" in this
manner is inherently dangerous and suspicious.  Just because two files 
happen to be identical at the moment they are compared doesn't mean they 
should or will be identical all times in the future.  And, I know I would 
be quite annoyed if a system decided to replace my backup copies with 
symlinks to the originals.

Pm




More information about the pmwiki-users mailing list