Hi
user
Admin Login:
Username:
Password:
Name:
The dangerous, exquisite art of safely handing user-uploaded files.
--client
pyconau
--show
pycon_au_2016
--room Room_105 11337 --force
Next: 1 Lightning Talks
show more...
Marks
Author(s):
Tom Eastman
Location
Room 105
Date
aug Sat 13
Days Raw Files
Start
16:00
First Raw Start
error-in-template
Duration
0:40:00
Offset
None
End
16:40
Last Raw End
Chapters
Total cuts_time
None min.
https://2016.pycon-au.org/schedule/148/view_talk
raw-playlist
raw-mp4-playlist
encoded-files-playlist
mp4
svg
png
assets
release.pdf
The_dangerous_exquisite_art_of_safely_handing_useruploaded_files.json
logs
Admin:
episode
episode list
cut list
raw files day
marks day
marks day
image_files
State:
---------
borked
edit
encode
push to queue
post
richard
review 1
email
review 2
make public
tweet
to-miror
conf
done
Locked:
clear this to unlock
Locked by:
user/process that locked.
Start:
initially scheduled time from master, adjusted to match reality
Duration:
length in hh:mm:ss
Name:
Video Title (shows in video search results)
Emails:
email(s) of the presenter(s)
Released:
has someone authorised pubication
Unknown
Yes
No
Normalise:
Channelcopy:
m=mono, 01=copy left to right, 10=right to left, 00=ignore.
Thumbnail:
filename.png
Description:
markdown
Every web application has an attack surface -- the exposed points of interaction where a malicious or mischievous user can commit malice, or mischief (respectively). Possibly nowhere, however, is more vulnerable than places a user is allowed to upload arbitrary files. The scope for abuse is eye-widening: The contents of the file, the type of the file, the size and encoding of the file, even the *name* of the file can be a potent vector for attacking your system. The scariest part? Even the best and most secure web-frameworks (yes, I'm talking about Django) can't protect you from all of it. In this talk, I'll show you every scary thing I know about that can be done with a file upload, and how to protect yourself from -- hopefully -- most of them.
Comment:
production notes
Rf filename:
root is .../show/dv/location/, example: 2013-03-13/13:13:30.dv
Sequence:
get this:
check and save to add this
Veyepar
Video Eyeball Processor and Review