dongyun234854 2013-11-16 18:10 采纳率: 0%
浏览 23
已采纳

允许用户从URL保存文件的安全问题

I'm developing a script to grab small sized files (less than 1 MB) from user given a URLs and save them on my server.

My main concern is what if someone tried to upload large files like 1 GB files or even bigger? How do I control the file grabbing if it is a large file?

I tried some of the answers on the web but all of them process the whole file. For a 700 MB video file, it took couple of minutes, does that mean the process taking my server resources?

What if a hacker keep posting URLs to large files so those process will eat up my server resources and I will loose visitors.

Can someone advice me on this?

  • 写回答

3条回答 默认 最新

  • dongliang2005 2013-11-16 18:27
    关注

    This should do the trick. No file bigger than 1 megabyte can be uploaded

    if($_FILES['file']['size'] < 1048576) { // This is one megabyte (in bytes)
    // the file is within size restriction, continue
} else {
    // File is too large, return an error
}

    Then you could use some javascript to test the file size before upload, but just remember you can't rely on it for security.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥100 角动量包络面如何用MATLAB绘制
  • ¥15 merge函数占用内存过大
  • ¥15 Revit2020下载问题
  • ¥15 使用EMD去噪处理RML2016数据集时候的原理
  • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大
  • ¥15 单片机无法进入HAL_TIM_PWM_PulseFinishedCallback回调函数
  • ¥15 Oracle中如何从clob类型截取特定字符串后面的字符
  • ¥15 想通过pywinauto自动电机应用程序按钮,但是找不到应用程序按钮信息
  • ¥15 如何在炒股软件中,爬到我想看的日k线
  • ¥15 seatunnel 怎么配置Elasticsearch