Uploading and Storing Files Safely on a Website

Letting users upload files into a website is an area that requires careful management. There is an obvious decision to be made about whether to store the file in a database or on the file system, and the file should also be virus scanned.

Note that in business systems users can often upload files such as PDFs that can include scripts that can run on the file system (if directly opened by someone on the back end). The likelihood of this really depends on your system design.

If you are storing files on the file system (even temporarily), here are some rules of thumb:

  • Whitelist the file types that can be uploaded (make sure the allowable types are checked on the server as well as on the client)
  • Limit the file size (client and server)
  • Store the file on a separate drive from the rest of your application, in a folder with minimal permissions – make sure the file cannot be executed. Consider one account to write the file and another to read it, each with appropriate permissions on the folder.
  • Virus scan the file
  • Do not save using the name the user supplies
  • Do not save using the extension the user supplies
  • Do not access the file using a file path in a URL, e.g. http://mysite.com/showFile?path=/filedirectory/letter.doc – instead use a GUID or some other identifier to prevent tampering, e.g. http://mysite.com/showFile?id=45464-454-454-454545. Get this wrong and you may end up displaying your web.config to the world: http://mysite.com/showFile?path=/../../web.config

The main point is to give the user as little control as possible over where the file is stored and how it is accessed.
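The rules above, put together in one place. This is an added example written for this post, not code from the original article: it whitelists types by extension and by leading bytes (so the server-side check does not trust the client), enforces a size limit, hands the content to a virus-scanner hook, stores the file under a server-generated UUID with a canonical extension, and only ever resolves a download by that id, so a path such as `../../web.config` never reaches the file system. The `scanner` callable, the `MAX_UPLOAD_BYTES` value, the signature table and all sample inputs are assumptions constructed for the example.

```python
import os
import uuid
import tempfile
from pathlib import Path

# Whitelist of canonical extensions and the leading bytes each must start with.
# The user's extension only selects which signature to check; the stored file
# is named with the canonical extension from this table, never the user's.
ALLOWED_TYPES = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
}
EXTENSION_ALIASES = {"pdf": "pdf", "png": "png", "jpg": "jpg", "jpeg": "jpg"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit; set to suit the application


class UploadRejected(ValueError):
    """Raised for any upload that fails a server-side check."""


def check_upload(user_filename, content, scanner=None, max_bytes=MAX_UPLOAD_BYTES):
    """Server-side checks that must not rely on the client. Returns the
    canonical extension to store the file under, or raises UploadRejected."""
    if not content:
        raise UploadRejected("empty file")
    if len(content) > max_bytes:
        raise UploadRejected("file too large")
    claimed = Path(user_filename).suffix.lower().lstrip(".")  # last extension only
    canonical = EXTENSION_ALIASES.get(claimed)
    if canonical is None:
        raise UploadRejected("extension not allowed")
    # Check the bytes, so "shell.php" renamed to "shell.pdf" is still caught
    if not any(content.startswith(sig) for sig in ALLOWED_TYPES[canonical]):
        raise UploadRejected("content does not match declared type")
    # scanner is a hypothetical hook for the site's virus scanner: a callable
    # that returns True when the content is clean
    if scanner is not None and not scanner(content):
        raise UploadRejected("file failed malware scan")
    return canonical


class UploadStore:
    """Keeps uploads under random ids in a directory outside the web root."""

    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        os.chmod(self.root, 0o750)  # owner rwx, group rx, nothing for others
        self._index = {}  # id -> metadata; a database table in a real system

    def save(self, user_filename, content, scanner=None):
        ext = check_upload(user_filename, content, scanner)
        file_id = str(uuid.uuid4())  # name chosen by the server, not the user
        stored = self.root / f"{file_id}.{ext}"
        stored.write_bytes(content)
        os.chmod(stored, 0o640)  # readable by the serving account, never executable
        self._index[file_id] = {"path": stored, "ext": ext,
                                "display_name": Path(user_filename).name}
        return file_id

    def resolve(self, file_id):
        """showFile?id=... handler: only a known id maps to a path."""
        try:
            uuid.UUID(file_id)  # anything that is not a UUID (e.g. a path) is refused
        except ValueError:
            raise UploadRejected("invalid file id") from None
        entry = self._index.get(file_id)
        if entry is None:
            raise UploadRejected("no such file")
        return entry["path"]


def rejection_reason(func, *args):
    """Return the rejection message, or None if the call was accepted."""
    try:
        func(*args)
        return None
    except UploadRejected as exc:
        return str(exc)


def demo():
    """Run the checks on constructed inputs; returns a dict of outcomes."""
    marker = b"CONSTRUCTED-MALWARE-MARKER"  # constructed stand-in for an AV detection

    def scanner(data):
        return marker not in data

    pdf = b"%PDF-1.4\n% constructed sample document\n"  # constructed, not a real PDF
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        store = UploadStore(Path(tmp) / "uploads")
        fid = store.save("../../letter.doc.PDF", pdf, scanner)
        out["stored_as_uuid"] = store.resolve(fid).name == f"{fid}.pdf"
        out["outside_user_control"] = store.resolve(fid).parent == store.root
        out["php_upload"] = rejection_reason(store.save, "shell.php", b"<?php echo 1;")
        out["php_as_pdf"] = rejection_reason(store.save, "shell.pdf", b"<?php echo 1;")
        out["oversize"] = rejection_reason(
            check_upload, "big.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 10, None, 8)
        out["malware"] = rejection_reason(store.save, "bad.pdf", pdf + marker, scanner)
        out["traversal"] = rejection_reason(store.resolve, "../../web.config")
        out["unknown_id"] = rejection_reason(store.resolve, str(uuid.uuid4()))
    return out
```

Note that the user's original name is kept only as display metadata in the index; it never becomes part of a path, and a real site would still HTML-escape it before rendering. The signature table is deliberately short; for formats the site actually accepts, a proper content-type detector belongs in `check_upload` in place of the leading-bytes check.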
