Security Risks of User File Uploads

What security risks come with allowing users to upload files? A quick list of the risks that come to mind:

  1. Disk space consumption. If the file server has limited capacity, letting users upload junk files without limit may fill it up, so that other users can no longer upload and the server capacity has to be expanded. Given today's storage capacities this is perhaps not a major risk.
  2. File access. If an uploaded file is executable, it opens a security hole on the server. Execution permissions on files must therefore be managed, and the permitted file types must be controlled.


The second category is the real security hazard, and it can take many forms, which can be subdivided further.

Some related articles are listed here for reference:

Common risk countermeasures

  • Restrict file types
  • Rename the uploaded file
  • Limit file size
  • Change execution permissions
  • Login control
  • Verify the request origin (ensure it comes from an allowlist)

Some suggested solutions

Below is a list of best practices that should be enforced when file uploads are allowed on websites and web applications. These practices will help you secure file upload forms used in web applications.

  • Define a .htaccess file that will only allow access to files with allowed extensions.
  • Do not place the .htaccess file in the same directory where the uploaded files will be stored. It should be placed in the parent directory.
  • A typical .htaccess which allows only gif, jpg, jpeg and png files should include the following (adapt it for your own need). This will also prevent double extension attacks.

    # Deny everything by default, then re-allow only names made of word characters
    # plus a single image extension; "\w" excludes ".", so a name with two extensions does not match.
    deny from all
    <Files ~ "^\w+\.(gif|jpe?g|png)$">
    order deny,allow
    allow from all
    </Files>

  • If possible, upload the files in a directory outside the server root.
  • Prevent overwriting of existing files (to prevent the .htaccess overwrite attack).
  • Create a list of accepted mime-types (map extensions from these mime types).
  • Generate a random file name and add the previously generated extension.
  • Don’t rely on client-side validation only, since it is not enough. Ideally one should have both server-side and client-side validation implemented.
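The server-side part of the list above, as an added Python example that is not code from the original post or the quoted article: it determines the real content type from the file's leading bytes instead of trusting the client's header or file name, maps that type to a fixed extension, stores the file under a random name, and refuses to overwrite anything already on disk. The MIME table, magic-number prefixes and size limit are assumptions chosen for the example.

```python
import os
import secrets
from typing import Optional

# Accepted content types mapped to the extension the server assigns.
# Table and size limit are constructed for this example.
ALLOWED_MIME_TO_EXT = {"image/gif": "gif", "image/jpeg": "jpg", "image/png": "png"}
MAX_BYTES = 2 * 1024 * 1024

# Leading bytes (magic numbers) used to determine the real type server-side,
# instead of trusting the client's Content-Type header or file name.
MAGIC = {
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
}


def sniff_mime(data: bytes) -> Optional[str]:
    """Return the content type implied by the file's first bytes, or None."""
    for prefix, mime in MAGIC.items():
        if data.startswith(prefix):
            return mime
    return None


def validate_upload(data: bytes) -> str:
    """Return the extension to store the file under, or raise ValueError."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    mime = sniff_mime(data)
    if mime not in ALLOWED_MIME_TO_EXT:
        raise ValueError("content type not allowed")
    return ALLOWED_MIME_TO_EXT[mime]


def store_upload(data: bytes, upload_dir: str) -> str:
    """Validate, then write under a random name; the client's file name is ignored."""
    ext = validate_upload(data)
    name = f"{secrets.token_hex(16)}.{ext}"  # no user input, so no double extension
    path = os.path.join(upload_dir, name)
    # O_EXCL makes the create fail if the name already exists, so nothing
    # (including a planted .htaccess) can be overwritten.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return name
```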
