In this video, Keith Casey shares how to manage file uploads to minimize risk to the users and our server backend.
- [Instructor] If you're following along, in the last section we successfully uploaded an image to our API and saved it on disk. While this is a good first step, it's not good enough with regards to security, or long-term management, to make sure everything works as expected. So now we're going to add a few pieces of middleware to make sure the file is safe and we're not passing around malware. In terms of dealing with files, there are a variety of risks that we need to mitigate. A malicious user can send a lot of large files to try to crash our server.

The file itself can be malformed and include stack overflow errors, and potentially compromise the server. Some of those same errors can compromise our users' browsers. Images can have sensitive information, such as GPS coordinates. Or maybe we just want to be ready in case chatter takes off and we go from supporting five to 5 million users by this weekend. Regardless of our reasons, the result is the same. Just saving files to disk isn't enough. But if we think about it, each of these things has to be…
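The checks the instructor lists (a size limit, the real content type rather than the client's claim, a decodable image, and metadata such as GPS coordinates stripped before the file is kept) as plain PHP functions; this is an added example, not the course's own middleware. The 2 MiB and 8192-pixel limits, the constant and function names are assumptions, and it needs PHP 7.1+ with the fileinfo and GD extensions.

```php
<?php
// Added example (not the course's code). Assumed limits: 2 MiB, 8192 px.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/**
 * Returns an error string, or null if the file at $tmpPath is acceptable.
 * Cheapest check first (size), then the content type read from the bytes,
 * then whether the header actually parses as an image of sane dimensions.
 */
function checkUploadedImage(string $tmpPath, int $maxBytes = MAX_UPLOAD_BYTES): ?string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return 'file is empty or exceeds the size limit';
    }
    // Trust the bytes, not the client-supplied filename or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!isset(ALLOWED_TYPES[$mime])) {
        return "unsupported content type: $mime";
    }
    // getimagesize() parses only the header, so a malformed file or one
    // declaring absurd dimensions is rejected before any pixel decoding.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[0] > 8192 || $info[1] > 8192) {
        return 'not a decodable image or dimensions too large';
    }
    return null;
}

/**
 * Re-encodes the image through GD. The new file carries only pixel data:
 * EXIF blocks (GPS coordinates, camera identifiers) and any bytes appended
 * after the image are dropped. Returns the path of the sanitized copy.
 */
function stripImageMetadata(string $tmpPath, string $destDir): string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $img  = $mime === 'image/png' ? imagecreatefrompng($tmpPath) : imagecreatefromjpeg($tmpPath);
    if ($img === false) {
        throw new RuntimeException('image failed to decode');
    }
    // Server-chosen random name; the client's filename is never reused on disk.
    $dest = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if ($mime === 'image/png') {
        imagesavealpha($img, true);     // keep transparency through the re-encode
        imagepng($img, $dest);
    } else {
        imagejpeg($img, $dest, 90);
    }
    imagedestroy($img);
    return $dest;
}
```

In the upload route, call checkUploadedImage() on the temporary file and reject the request on a non-null result, then store only what stripImageMetadata() returns.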
This course begins with a simple application specification and builds it one step at a time. Each chapter includes a key concept, with examples from other public APIs, and then shows how to build it yourself with Silex. Learn about URL routing, validating input, and generating response codes and hypermedia payloads. Like any project, the first implementation may be a little messy, but don't worry. The last chapter covers refactoring and what it takes to scale and support the API going forward.
- Understanding the project goals
- Adding authentication with Silex
- Using cross-framework and authentication middleware
- Creating a read-write API in Silex
- Uploading files via an API
- Adding file security
- Creating payloads and response codes in Silex
- Scaling your API