Before enabling HTTP file upload on your server, one important thing that you must consider is security, as improper design and configuration will make your server vulnerable to attacks.
For example, the PHP file upload script and JSP file upload script that were covered earlier are not secure. One problem is that we have not checked what the user entered in the optional filename text box. This gives malicious users the chance to modify the server’s files (e.g. system files or password files). For example, if a malicious user enters a path such as “../password/password.dat” in the optional filename text box, our PHP and JSP script will save the uploaded file to the destination “/file_uploads/../password/password.dat”, which is actually the path “/password/password.dat”.
Here are a few security tips that may be useful to you. We will only provide some brief descriptions here. For more details, please refer to other sources.
Check all information provided by the client to ensure that it is safe. For example:
The HTTP request received includes a MIME type that describes what the uploaded file contains. A malicious user can provide a wrong value to trick you to think that the uploaded file is of another type. Hence, you should not rely on the MIME type included in the HTTP request but should perform a check by your own at the server-side. For instance, the photo album example covered earlier does not perform any checks to ensure the uploaded files are really image files. To enhance security, we can include a check on the uploaded files using the PHP function getimagesize() at the server-side. If getimagesize() returns false, that means the uploaded file is not a valid image file and it should be rejected.
The HTTP request received includes the uploaded file’s original file name at the client-side. A malicious user can provide an unsafe value to trick you to modify system or password files. This problem is similar to the one described in the second paragraph of this section, so we will not describe it once more.
In addition, you should prepare for the situation that the file name contains special characters that are not allowed to appear in file names or non-English characters. Make sure your WAP/web application will not crash or be left in an erroneous state when such situations occur.
Set a file size limit so that the user cannot upload files that are too large or too small.
Do not run web servers or application servers with the administrator account. Create and configure an account that is specifically for their use. Limit the file access permissions of the account so that even if your WAP/web application has security holes, the OS will not allow it to work with system files or files of other users.
Make sure your WAP/web application does not reveal too much information to the user when an error occurs. The information revealed can help a malicious user find ways to attack your system.
Log down the details (such as the time, the client’s IP address and the user name) of file uploads and other related events. Although the logs only tell you what has happened, they can help you check what types of attacks have been made against your server and whether there were any successful attacks.