douzhan3900 2011-04-14 21:50
浏览 68
已采纳

网站通过文档上传暴露的安全漏洞有哪些?

I am new to the document storage space. I am not sure what i am doing yet, but before i begin i wanted to know about the possible security threats one has when one allows document uploads and what is the best way to sanitize the data? I am using PHP and will allow images, word docs, pdfs, excel docs, etc.

And is this a good solution:

http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/

  • 写回答

3条回答 默认 最新

  • doudao1369 2011-04-14 22:00
    关注

    There are two really obvious ones:

    • If improperly done, a file uploader could allow the user to overwrite other people's files -- including the PHP that runs the site. Make sure permissions are set so that the web server's account has read-only access to any directory but where stuff should be written, and that nothing in that directory can be executed.
    • Users can upload (big) enough files to fill the site's disk quota. Even if they can't, they can try -- and the server might not refuse the upload til after the whole file's been sent anyway, chewing up precious resources and possibly still filling the drive (if only for the time it takes to refuse the request and delete the temp file).

    And that's just the risks to the server. Files can contain malware that can affect other users. You'll probably want to find a scanner for that stuff.

    I'll suggest that if you want to let people upload files, you find a pre-written script that a lot of other people use and recommend. Rolling your own is bound to cause you problems when someone does something that you never considered.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?