Monthly Archives: January 2012

Status FileSender 1.5, 11 January 2012

In the previous 1.5 status update I wrote we’d work on input/output sanitisation and validation until we got it right as the security and stability implications for not getting it right would be too large.  We worked on it since then and now it’s done.  What has happened since the last post:

  • Input/output pathways have been simplified
  • Input/output sanitisation and validation is done
  • Much code and program flow has been cleaned up and simplified
  • The database abstraction layer moved from MDB2 to PDO; PDO is well-maintained and a part of the standard PHP package, moving to PDO removed a server-side dependency for FileSender
  • We now use mostly prepared statements for database interaction, which we understand to be best current security practice
  • PDO has been tested with MySQL and Postgresql
  • All pages are now W3C compliant

We had a developers conference call today where we discussed the path towards 1.5.  There’s a small thing to do with the exact handling of pause/resume we will work on this week to make sure it behaves well enough.  As there is a chance for changes in that functionality toimpact program flow we’re a bit careful there. Next week we’ll check whether we’re happy and if we are, plan the 1.5 beta release date.  A  code security audit will be executed after the 1.5 beta is available.

The major changes moving towards 1.5 compared with 1.1 will then be:

  • support for multiple languages in the web UI
  • database abstraction with PDO
  • entirely HTML/JavaScript based UI when using HTML5-upload capable browsers
  • Graceful fallback for non-HTML5-upload browsers to a flash-component for upload.  Nearly the entire UI is HTML/JavaScript
  • 1.5 will be the foundation we can develop new features like multi-file-upload, client-side encryption etc.

If you wish to set up a test with 1.5 today, please pull it down from our SVN repository.  Check the bug list for open issues.