[Koha-bugs] [Bug 6874] File upload in MARC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Oct 14 00:06:06 CEST 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6874
--- Comment #10 from Robin Sheat <robin at catalyst.net.nz> 2011-10-13 22:06:06 UTC ---
* I don't think expecting people to configure apache to do that is reasonable,
many of them have enough trouble with the basic stuff.
* Yeah, I saw how the other plugins worked after I wrote that, so I think
that's OK (but should probably be fixed in the longer term.)
* Having a pass-through script is ideal. I'd be inclined to have it be like:
opac-retrieve.pl?id=abc123
where abc123 is a random string, or perhaps a hash of the file. This will
prevent people enumerating ID numbers, and can reduce the chance of collisions
compared to using a filename (also, if you use a hash, then uploading the same
file multiple times will mean that only one version needs to be stored.) In the
longer term, it also allows it to have fancier permissions or what not.
And, it would remove the risk of executable files being uploaded. I think it
would also allow multiple Koha instances to share one file store, if it used
hashes, as they wouldn't be guessable.
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
More information about the Koha-bugs
mailing list