
[dash] Decide on a file management strategy
Open, Normal, Public

Description

  • When should an uploaded file be deleted?
  • How long should a generated report be available for download?

Event Timeline

Files that cannot be read by a CSV reader should be deleted immediately to avoid hosting potentially malicious resources on this public server. A simple check of the file extension is not enough. Arbitrary files can be uploaded by just adding the extension *.csv.
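One way to apply the rule from the comment above: parse the content rather than trust the name, and delete on failure. This is an added example, not code from the dash project. The function names, the size limit, the two-column minimum and the sample uploads are all assumptions constructed for illustration.

```python
import csv
import os
import tempfile

MAX_BYTES = 5 * 1024 * 1024  # assumed upload size limit
MIN_COLUMNS = 2              # assumed: a usable table has at least two columns


def is_readable_csv(path):
    """Return True only if the content parses as a rectangular UTF-8 CSV."""
    if os.path.getsize(path) > MAX_BYTES:
        return False
    try:
        with open(path, "r", encoding="utf-8", newline="") as fh:
            reader = csv.reader(fh, strict=True)
            header = next(reader, None)
            if header is None or len(header) < MIN_COLUMNS:
                return False
            for row in reader:
                if len(row) != len(header):
                    return False
    except (UnicodeDecodeError, csv.Error):
        return False
    return True


def accept_or_delete(path):
    """Keep the upload if it parses; otherwise delete it immediately."""
    if is_readable_csv(path):
        return True
    os.remove(path)
    return False


def demo():
    """Run the check on constructed uploads that all carry a .csv extension."""
    samples = {
        "report.csv": b"host,port,status\nweb01,443,open\ndb01,5432,closed\n",
        "image.csv": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
        "page.csv": b"<html>\n<body>\nnot a table\n</body>\n</html>\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = (accept_or_delete(path), os.path.exists(path))
    return results
```

`demo()` returns, per file, whether it was kept and whether it still exists on disk. The check is structural only: content that is well-formed CSV passes regardless of what its cells contain.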