This topic contains information about security approach used during Image Uploader development.
During the development of Image Uploader Aurigma, Inc. took care of avoiding any potential security problems. Since Image Uploader is a software installed from the web, neglecting these problems could lead to security holes. For this reason any feature that could potentially cause security risks was rejected.
If any security holes in the Image Uploader are found, all the customers are immediately informed about possible issues and the problem is fixed in a timely fashion.
The customers who would like to make sure that the code safety is ok can purchase the Image Uploader source code. In addition to security audit, these customers can carry out customization. Please, contact Aurigma sales department if you are interested.
The main principle of Image Uploader architecture is a sandbox. It means that Image Uploader API does not provide any access to the file system or other resources. Unlike some competing uploading components, Image Uploader does not have such unsafe features as the ability to get a list of files in a given folder or add files to the upload list via client scripts, etc. These features would allow malicious persons to steal files from the computers where Image Uploader is installed.
Image Uploader requires the user to carry out all potentially dangerous operations through the user interface. None of such operations can be done without user's knowledge.
Image Uploader provides an access to the list of files which are already chosen by the user for the upload. However, it does not compromise security because the user adds these files to the upload list manually.
By the way, similar functionality is available in Internet Explorer: you can get a name of the file opened in the standard
<input type="file">
element.
Some people are worried about low safety of the ActiveX technology against high safety of Java applets. Sometimes they ask if the Java part of Image Uploader is more secure than the ActiveX one.
The answer is NO. To be able to work with files on a local machine, the Java applet has to go out from Java sandbox (in other words, make the security level equal to the one in ActiveX). This way using Java applets for uploading would not bring any security benefits.