5. Security Considerations of File Upload

Before enabling HTTP file upload on your server, one important thing that you must consider is security, as improper design and configuration will make your server vulnerable to attacks.

For example, the PHP file upload script and JSP file upload script that were covered earlier are not secure. One problem is that we have not checked what the user entered in the optional filename text box. This gives malicious users the chance to modify the server's files (e.g. system files or password files). For example, if a malicious user enters a path such as "../password/password.dat" in the optional filename text box, our PHP and JSP script will save the uploaded file to the destination "/file_uploads/../password/password.dat", which is actually the path "/password/password.dat".

Here are a few security tips that may be useful to you. We will only provide some brief descriptions here. For more details, please refer to other sources.


Previous Page Page 11 of 11


Feedback Form (ExpandCollapse)

What do you think about this web page?






(Optional) Please provide us more details. For example, suppose you select option 2 above, can you tell us specifically what information is missing? You can also suggest anything that can help us improve this web page.

(Optional) Your name:

(Optional) Your email address:

Please enter again to confirm:

Due to the amount of messages we received, we may not be able to reply to all messages.