Security Considerations of File Upload
Before enabling HTTP file upload on your server, one important thing you must consider is security: improper design and configuration will make your server vulnerable to attacks.
For example, the PHP file upload script and the JSP file upload script that were covered earlier are not secure. One problem is that we have not checked what the user entered in the optional filename text box. This gives malicious users the chance to modify the server's files (e.g. system files or password files). For example, if a malicious user enters a path such as "../password/password.dat" in the optional filename text box, our PHP and JSP scripts will save the uploaded file to the destination "/file_uploads/../password/password.dat", which is actually the path "/password/password.dat".
Here are a few security tips that may be useful to you. We will only provide brief descriptions here. For more details, please refer to other sources.
- Check all information provided by the client to ensure that it is safe. For example:
  - The HTTP request received includes a MIME type that describes what the uploaded file contains. A malicious user can supply a wrong value to trick you into thinking that the uploaded file is of another type. Hence, you should not rely on the MIME type included in the HTTP request, but should perform your own check at the server side. For instance, the photo album example covered earlier does not perform any check to ensure that the uploaded files are really image files. To enhance security, we can check the uploaded files using the PHP function getimagesize() at the server side. If getimagesize() returns false, the uploaded file is not a valid image file and should be rejected.
  - The HTTP request received includes the uploaded file's original file name at the client side. A malicious user can supply an unsafe value to trick you into modifying system or password files. This problem is similar to the one described in the second paragraph of this section, so we will not describe it again. In addition, you should be prepared for file names that contain special characters which are not allowed in file names, or non-English characters. Make sure your WAP/web application will not crash or be left in an erroneous state when such situations occur.
- Set a file size limit so that the user cannot upload files that are too large or too small.
- Do not run web servers or application servers under the administrator account. Create and configure an account specifically for their use. Limit the file access permissions of that account so that even if your WAP/web application has security holes, the OS will not allow it to work with system files or the files of other users.
- Make sure your WAP/web application does not reveal too much information to the user when an error occurs. The information revealed can help a malicious user find ways to attack your system.
- Log the details (such as the time, the client's IP address and the user name) of file uploads and other related events. Although the logs only tell you what has happened, they can help you check what types of attacks have been made against your server and whether any of them succeeded.
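The tips above, applied to the tutorial's PHP upload scenario, as an added example (this is not the tutorial's own script): it keeps only the last path component of the requested name, validates the file with getimagesize() rather than the client's MIME type, enforces a size range, logs the upload, and returns only a generic error to the client. It assumes the tutorial's form fields ("userfile" and the optional "filename" text box) and the /file_uploads directory.

```php
<?php
// Added example, not the tutorial's script. Assumes the tutorial's form
// (file field "userfile", optional "filename" text box) and /file_uploads.
const UPLOAD_DIR = '/file_uploads';
const MAX_BYTES  = 2 * 1024 * 1024;   // reject files larger than 2 MB ...
const MIN_BYTES  = 1;                 // ... and empty files

function safe_filename(string $name): string {
    // Keep only the last path component: "../password/password.dat"
    // becomes "password.dat" and cannot escape the upload directory.
    $name = basename(str_replace('\\', '/', $name));
    // Replace anything outside a conservative whitelist (covers non-English and control characters).
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);
    if ($name === '' || trim($name, '.') === '') {   // "", "." or ".."
        throw new RuntimeException('invalid file name');
    }
    return $name;
}

function handle_upload(array $file, ?string $requested): string {
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES || $file['size'] < MIN_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // Ignore $file['type'] (the client-supplied MIME type) and inspect the
    // bytes instead: getimagesize() returns false for anything not an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    $name = safe_filename($requested !== null && $requested !== '' ? $requested : $file['name']);
    $dest = UPLOAD_DIR . '/' . $name;
    // move_uploaded_file() only moves files PHP itself received via HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not save file');
    }
    // Log who uploaded what and when (time, client IP, stored name).
    error_log(sprintf('upload: time=%s ip=%s name=%s', date('c'),
                      $_SERVER['REMOTE_ADDR'] ?? '-', $name));
    return $dest;
}
try {
    handle_upload($_FILES['userfile'] ?? [], $_POST['filename'] ?? null);
    echo 'Upload successful.';
} catch (RuntimeException $e) {
    error_log('upload rejected: ' . $e->getMessage()); // detail stays server-side
    echo 'Upload rejected.';                            // generic message to the client
}
```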