FileUpload without Tempfile

I am looking for a way to upload a file to Rails 3 app, but without generating a temp file. Googling the issue gave me some insight in how the file upload works. As I understand Rails creates a temp file when the file size is larger than 20kb. Is there a way to change this limit and avoid the temp file generation?

Another solution I was looking in was creating a Rack App and so avoid the file generation, however, didn't work either. Same with a Sinatra app.

Btw. yes it is mandatory that the file is not saved and only kept in memory for security reasons.

Thanks

What you've discovered is that it's not really Rails or Sinatra that's creating the Tempfile -- it's Rack:

https://github.com/rack/rack/blob/master/lib/rack/utils.rb#L483

I think you'll need to dig down to that web server - app interface level if you want to amend this.

Chris

Thanks for pointing out that it is in Rack. Brings me one step closer to a solution.

> I am looking for a way to upload a file to Rails 3 app, but without > generating a temp file. Googling the issue gave me some insight in how > the file upload works. As I understand Rails creates a temp file when > the file size is larger than 20kb. Is there a way to change this limit > and avoid the temp file generation?

> Another solution I was looking in was creating a Rack App and so avoid > the file generation, however, didn't work either. Same with a Sinatra > app.

What you've discovered is that it's not really Rails or Sinatra that's creating the Tempfile -- it's Rack:

https://github.com/rack/rack/blob/master/lib/rack/utils.rb#L483

I think you'll need to dig down to that web server - app interface level if you want to amend this.

I am not sure what you mean with 'to that web server'

Another solution I was looking in was creating a Rack App and so avoid the file generation, however, didn't work either. Same with a Sinatra app.

Btw. yes it is mandatory that the file is not saved and only kept in memory for security reasons.

Is it enough for /tmp to be something like tmpfs (ie non persistent) ?

Fred

Sorry, badly worded. I meant that it's happening at the interface between the web server and your app; in this case that's where Rack lives.

Chris

Thanks Fred for pointin to tmpfs, however, using tmpfs would also allow that the file can be read by anyone with access

I tried to hack into Rack, however, so far I was not able to avoid creating a tempfile.

Btw. yes it is mandatory that the file is not saved and only kept in memory for security reasons.

You could unlink the Tempfile right after creation, as mentioned here: http://www.ruby-doc.org/stdlib/libdoc/tempfile/rdoc/classes/Tempfile.html

That will prevent any other process to get hands on that file.

Mike