netty5/codec-http
Aron Wieck ffd6911586 Use constant string instead of user provided file name for DiskFileUpload temp file names.
Motivation:

DiskFileUpload creates temporary files for storing user uploads containing the user-provided file name as part of the temporary file name. While most security problems are prevented by using "new File(userFileName).getName()", a small risk for bugs or security issues remains.

Modifications:

Use a constant string as file name and rely on the caller's use of File.createTemp to ensure unique disk file names.

Result:

A slight security improvement at the cost of a little more obfuscated temp file names.
2017-04-27 16:02:41 -07:00
src Use constant string instead of user provided file name for DiskFileUpload temp file names. 2017-04-27 16:02:41 -07:00
pom.xml [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00