5. Security Considerations of File Upload

Before enabling HTTP file upload on your server, one important thing that you must consider is security, as improper design and configuration will make your server vulnerable to attacks.

For example, the PHP file upload script and JSP file upload script that were covered earlier are not secure. One problem is that we have not checked what the user entered in the optional filename text box. This gives malicious users the chance to modify the server's files (e.g. system files or password files). For example, if a malicious user enters a path such as "../password/password.dat" in the optional filename text box, our PHP and JSP script will save the uploaded file to the destination "/file_uploads/../password/password.dat", which is actually the path "/password/password.dat".

Here are a few security tips that may be useful to you. We will only provide some brief descriptions here. For more details, please refer to other sources.


Previous Page Page 11 of 11


Feedback Form (Expand)

What do you think about this web page?