Tips for securing file uploads
Allowing users to upload files to your website is a risky thing to take on. A single malicious upload can compromise the server or turn it into a host for someone else's content, which is a headache for any webmaster. There are, however, a few steps you can take to limit that risk.
- Restrict the types of files that a user can upload
Checking the file extension is a good first step, and you can go one step further by identifying the file type from its content (the first bytes of a JPEG, PNG or PDF are fixed and easy to compare against). Use an allowlist of the few types your application actually needs rather than a blocklist of bad ones, compare extensions case-insensitively, and never accept anything with an executable extension (exe, php, cgi and their variants). Treat names with more than one extension (photo.php.jpg) as suspect too, since some servers decide how to handle a file from any of its extensions, not just the last one.
- Check how your webserver will react to serving different types of files
For example, if a user uploads a file with a .php extension and your program does not stop it, the server may be compromised. Many Apache servers are set up to run any file with the php extension through the PHP interpreter, so the user has effectively placed executable code on your server, and the first request for that URL will run it. This is a huge security risk: a web shell like that gives the attacker a foothold for far worse attacks. Check what your server does with every extension you intend to accept, and make sure script execution is disabled for the directory that holds uploads (with mod_php, turning the PHP engine off for that directory), so that even a file that slips past your checks is served as data rather than run.
- Limit file size
This one seems like a no-brainer: you don't want users uploading 200 MB files and filling your entire hard drive. Set a hard limit on the size your application accepts and reject anything over it rather than truncating it, and enforce the same limit in the web server configuration so an oversized request is cut off before your code has read the whole file. An empty upload is usually worth rejecting as well.
- Limit upload frequency
If you can, limit how many files a user can upload in a given period of time.
A malicious user may try to upload many files quickly. This may not work for every site, since you may need to let users upload as many files as they wish in whatever time frame they like; in that case keep the limit high enough that it only catches floods. A simple per-user counter over a sliding window is enough.
- Limit file accessibility
If you can, it is best to move uploaded files aside into an area that is not directly reachable from the web (a folder outside the document root) and to store them under a name you generate rather than the one the user supplied. Doing this lets you approve every file before it has a chance to go live under your website, and it means the user's filename can never be used to reach the file or to trick the server into executing it. Users may upload files simply to have you serve them as a file host: a malicious user could upload an image file for the sole sake of having it hosted and link to it from his MySpace page. Restricting where uploaded files end up lets you approve each file before it goes live.
Some of these steps may not fit your application; they all depend on your specific requirements. But always be mindful that letting any user upload a file to your website can become a security nightmare if it gets out of control.