8.2 years ago
kbun
Currently developing a small web pipeline for miRNA-seq analysis, using Python and Flask.
I want the user to be able to upload a FASTA file, which the server will then map to a genome. What is the best way to allow a user to upload a file, and then run an external script (the mapping tool that is on the server) on it, without security vulnerabilities?
An instance of Galaxy?
It's generally inadvisable to do any kind of file-transfer over HTTP. A lot of overhead - connections can drop out - difficult to do securely - webserver's bandwidth/sockets get used up, etc.
Write a Galaxy plugin - leave all the data-transfer nonsense to the pros and focus on the pipeline/backend. Also, as a plugin, we can all benefit from your work too :)
Also, there's no way to do any of this securely. I'm sure if anyone actually tried to find a buffer overflow in any bioinformatic tool, they would be spoilt for choice.
I fail to see how this is specific to bioinformatics other than that the service should process a text file that happens to be a FASTA file. Anyway, if you think that's specific enough, you have about 100 different choices:
1) Make a simple CGI script
2-100) Choose a web framework, see https://www.airpair.com/python/posts/django-flask-pyramid
Maybe a micro framework? In all cases you need to read the docs on how to sanitize user input for calling sys props safely; check Stack Overflow for that: http://stackoverflow.com/a/35858
Edit: agree, use Galaxy. You are mentioning a pipeline, so it's not only a single tool?
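An added example, not part of any post in this thread: one way to handle the upload-then-run step from the question in Python. It validates the content as plain nucleotide FASTA, stores it under a server-generated name, and calls the external tool with an argument list instead of a shell string. The size limit, the function names and the stand-in mapper command are assumptions; in a Flask view the bytes would come from the uploaded file object.

```python
import re
import subprocess
import sys
import tempfile
import uuid
from pathlib import Path

MAX_BYTES = 5 * 1024 * 1024                      # assumed upload size limit
HEADER = re.compile(rb"^>[\x20-\x7e]{1,200}$")   # printable ASCII header line
SEQUENCE = re.compile(rb"^[ACGTUNacgtun]+$")     # nucleotide codes only

def validate_fasta(data: bytes) -> None:
    """Reject anything that is not small, plain nucleotide FASTA."""
    if not data or len(data) > MAX_BYTES:
        raise ValueError("empty or oversized upload")
    lines = [ln.rstrip(b"\r") for ln in data.split(b"\n") if ln.strip()]
    if not lines or not HEADER.match(lines[0]):
        raise ValueError("first line is not a FASTA header")
    for ln in lines:
        if not (HEADER.match(ln) or SEQUENCE.match(ln)):
            raise ValueError("unexpected content in FASTA body")

def store_upload(data: bytes, upload_dir: Path) -> Path:
    """Save under a server-generated name; the client's filename is never used."""
    validate_fasta(data)
    path = upload_dir / f"{uuid.uuid4().hex}.fasta"
    path.write_bytes(data)
    return path

def run_mapper(mapper_argv: list[str], fasta_path: Path, timeout: int = 600) -> str:
    """Run the tool from an argument list: no shell, so nothing is re-parsed."""
    result = subprocess.run(
        [*mapper_argv, str(fasta_path)],
        shell=False, capture_output=True, text=True,
        timeout=timeout, check=True,
    )
    return result.stdout

if __name__ == "__main__":
    # Stand-in for the real mapping tool (assumption): counts FASTA records.
    stand_in = [sys.executable, "-c",
                "import sys; print(sum(l.startswith('>') for l in open(sys.argv[1])))"]
    sample = b">read1\nACGTACGT\n>read2\nUUGGCCAA\n"   # constructed sample input
    with tempfile.TemporaryDirectory() as d:
        print(run_mapper(stand_in, store_upload(sample, Path(d))))
```

Content validation does not protect against bugs in the mapping tool itself, so the tool should still run as an unprivileged user with the timeout and resource limits the deployment allows.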