Replies: 1 comment
-
RavenDB doesn't care about the file structure or its size. We can accept files of any size (> 2GB, etc.). The files are held inside the RavenDB data file after a de-duplication process. If two files are the same (based on the hash of their content), they'll have a single on-disk representation. Note that RavenDB does not compress attachment data. This is because most files are already compressed (png, docx, zip, etc.). There is no meaning to the file name and we don't do any path parsing. We use the file name as a single string. We do no validation or processing of the values.
-
In a system where (authenticated) users can submit files, are there any additional security measures that developers should take in addition to validating file sizes and file type signatures before attaching a file to a document?
How does RavenDB store attachments at the database level? Can the file name affect anything, for example if a malicious user sets the file name to be a directory path? Are there any Raven-specific recommendations for handling attachments coming from external users?
In my particular case I'll be limiting file types to PDF only in case this matters.
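An added example, not part of the discussion and not RavenDB code: because the reply says the name is stored as a single string with no validation, the size and signature checks from the question, plus name handling, have to run in the application before the attach call. The size limit, function names and returned fields are assumptions, and no RavenDB client API is called.

```python
import hashlib
import re
import uuid

MAX_BYTES = 20 * 1024 * 1024      # assumed application limit, not a RavenDB limit
PDF_MAGIC = b"%PDF-"              # PDF header signature
# Constructed sample input, not a real document.
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<<>>\nendobj\ntrailer\n<<>>\n%%EOF\n"


class RejectedUpload(ValueError):
    """Raised when an upload fails a pre-attach check."""


def display_name(client_name: str) -> str:
    """Reduce a client-supplied name to a harmless label.

    The database keeps the name verbatim, so the risk appears later, when the
    application reuses it in a file path or a Content-Disposition header.
    """
    base = re.split(r"[\\/]", client_name)[-1]          # drop any directory part
    base = re.sub(r"[^A-Za-z0-9._ -]", "_", base)       # removes CR/LF, quotes, etc.
    base = base.strip(" .")                             # no "..", no trailing dots
    stem = base[:-4] if base.lower().endswith(".pdf") else base
    return (stem[:100] or "upload") + ".pdf"


def check_pdf_upload(client_name: str, data: bytes) -> dict:
    """Validate size and PDF structure markers; return what to store."""
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("size outside allowed range")
    if not data.startswith(PDF_MAGIC):                  # strict: header at offset 0
        raise RejectedUpload("missing %PDF- signature")
    if b"%%EOF" not in data[-1024:]:                    # end-of-file marker near the end
        raise RejectedUpload("missing %%EOF marker")
    return {
        # Server-generated attachment name: the client never controls the key.
        "attachment_name": f"{uuid.uuid4().hex}.pdf",
        # Sanitised original name, kept only as metadata for display.
        "display_name": display_name(client_name),
        # Fixed by the server, never taken from the request.
        "content_type": "application/pdf",
        # The application's own digest for audit logs (not RavenDB's internal hash).
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    print(check_pdf_upload("../../etc/passwd", SAMPLE_PDF))
```

Passing these checks only shows the upload is structurally a PDF; it says nothing about what the PDF contains.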