PerlMonks  

Re: Upload security question

by varian (Chaplain)
on Jun 04, 2007 at 08:07 UTC ([id://619067]=note)


in reply to Upload security question

Some other considerations:
I also know to make sure the uploaded text file has no execute permissions.
If there is no need for an uploaded file to be exposed directly to web users then store the file outside the web server document tree. This limits accidental disclosure via or execution by a web browser.

On the file size you may also want to set a quota on the amount of bytes used by all uploaded files in total. What happens if, say, five sessions upload data concurrently? Do they end up in different files? Or do you remove the files after having processed them?

If the filename is not decided server side then precautions need to be made to ensure that the user cannot overwrite any existing (system) files inside or outside the document tree, e.g. by stating the filename as './../../somename'
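
The considerations in the reply above, combined into one storage routine. This is an added example, not code from the original post: `store_upload`, `bytes_in_use`, `$UPLOAD_DIR`, `$TOTAL_QUOTA` and the 1024-byte limit are hypothetical names and values, and the sample uploads are constructed.

```perl
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempdir tempfile);

# Assumption: in production $UPLOAD_DIR is a fixed directory outside the
# document tree; a temporary directory is used here so the script runs anywhere.
my $UPLOAD_DIR  = tempdir(CLEANUP => 1);
my $TOTAL_QUOTA = 1024;    # bytes allowed for all stored uploads together

# Sum the sizes of the regular files already stored.
sub bytes_in_use {
    my $total = 0;
    opendir(my $dh, $UPLOAD_DIR) or die "opendir: $!";
    for my $name (readdir $dh) {
        my $path = "$UPLOAD_DIR/$name";
        $total += (-s $path) || 0 if -f $path;
    }
    closedir $dh;
    return $total;
}

# $client_name may be logged, but it never becomes part of a path.
sub store_upload {
    my ($client_name, $data) = @_;

    # Serialise concurrent sessions so the quota check and the write are atomic.
    open(my $lock, '>>', "$UPLOAD_DIR/.lock") or die "lock: $!";
    flock($lock, LOCK_EX) or die "flock: $!";
    return if bytes_in_use() + length($data) > $TOTAL_QUOTA;

    # tempfile() picks a unique server-side name, opens it with O_EXCL so no
    # existing file is overwritten, and creates it mode 0600 (no execute bits).
    my ($fh, $path) = tempfile('upXXXXXXXX', DIR => $UPLOAD_DIR, SUFFIX => '.dat');
    binmode $fh;
    print {$fh} $data or die "write: $!";
    close $fh or die "close: $!";
    return $path;          # the lock is released when $lock goes out of scope
}

# Constructed sample input: a hostile client-supplied name, then a second
# upload that would push the total past the quota.
my $first  = store_upload('./../../somename', 'a' x 600);
my $second = store_upload('notes.txt',        'b' x 600);
printf "first:  %s\n", $first  // 'rejected (quota)';
printf "second: %s\n", $second // 'rejected (quota)';
```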
