Secure upload
Posted: Sun May 15, 2005 9:50 am
by someberry
I have made an upload script, and at the moment I have checked against all the potential dangers that I can think of... for the moment.
I am currently:
- checking for errors ($_FILES['variable']['error'])
- checking the size of the file (Can anyone recommend a suitable max file size? I thought 200k would suffice)
- checking the MIME type
- checking the extension
- checking the file doesn't already exist
If all those are okay, then I move the file via move_uploaded_file. My main aim is to stop people uploading potentially dangerous scripts (to the server, site, and users), such as PHP, CGI, PERL, EXE etc. Does anyone else have any suggestions on how I can tighten the security even more, to make absolutely sure no potentially dangerous scripts are uploaded?
Thanks.
Posted: Sun May 15, 2005 10:32 am
by shiznatix
Well, it all depends on what you're having the user upload. If it's only an image, for something like an avatar, then 200K is plenty. And if you want to be secure about it, do getimagesize (I think that's the function), and if it returns true then it really is an image; if not, then the user is trying to pull a fast one on you and you can slap them down with an error. But that's only images; for the rest there really isn't a way to verify what kind of file it truly is.
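The checks listed in the opening post plus the getimagesize idea, as an added example written for this thread rather than code posted by anyone in it; the names $allowed and validate_upload, and the use of finfo to read the MIME type from the bytes instead of the client-supplied $_FILES type, are assumptions.

```php
<?php
// Added example, not code posted by anyone in this thread: the checks listed
// above turned into one routine. Names ($allowed, validate_upload) are assumed.

$allowed = [
    // extension => [MIME type expected from the file's bytes, must parse as image?]
    'jpg'  => ['image/jpeg', true],
    'jpeg' => ['image/jpeg', true],
    'png'  => ['image/png',  true],
    'gif'  => ['image/gif',  true],
    'txt'  => ['text/plain', false],
];
$maxBytes = 200 * 1024;   // the 200k limit proposed in the thread

// Validates one entry of $_FILES and returns the path the file may be moved to;
// throws on any failed check so that nothing is moved on error.
function validate_upload(array $file, array $allowed, int $maxBytes, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . ($file['error'] ?? 'none'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a file uploaded via HTTP POST');
    }
    if (filesize($file['tmp_name']) > $maxBytes) {
        throw new RuntimeException('file larger than ' . $maxBytes . ' bytes');
    }
    // Allowlist on the last extension, lower-cased ("x.jpg.PHP" yields "php" and is refused).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException("extension '$ext' is not allowed");
    }
    [$expectedMime, $isImage] = $allowed[$ext];
    // $_FILES[...]['type'] is whatever the client sent; inspect the bytes instead.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== $expectedMime) {
        throw new RuntimeException("content is $detected, not $expectedMime");
    }
    if ($isImage && @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('file does not parse as an image');
    }
    // Never keep the client's name: generate one, and refuse to overwrite.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
    if (file_exists($target)) {
        throw new RuntimeException('target already exists');
    }
    return $target;   // caller then does move_uploaded_file($file['tmp_name'], $target)
}
```

These checks only decide what gets stored; the upload directory still needs to sit outside the web root or be configured so the web server never executes files in it.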
Posted: Sun May 15, 2005 11:07 am
by cheatboy00
how did you go about checking MIME type?
Posted: Sun May 15, 2005 11:41 am
by someberry
$_FILES['variable']['type'] for the header info.
"there really isnt a way to verify what kind of file it truley is"
So there is no way to tell if the file is really a PHP etc. file? Is this actually realistically possible to do, and if so, is there any way to combat it?
Thanks.
Posted: Sun May 15, 2005 11:58 am
by Pyrite
I would suggest having some virus/spyware/adware scanner on the server that actively checks the directory you upload to for malicious files.
Apart from that, server protection is best to make sure that files in the uploads directory cannot be executed and things like that.
Posted: Sun May 15, 2005 12:14 pm
by someberry
I'm not as worried about files that can harm users' computers, since it is their own risk whether or not they accept/run them (although they shouldn't be allowed to be uploaded in the first place). What I really want to stop is scripts that are potentially dangerous to the server, which can expose it and the code which is on it (each user will have their own account in which they can upload not just image files, but js, htm, html, doc, css etc.).
My main priority and philosophy is 'prevention is better than cure'. I would preferably like to stop these kinds of scripts being allowed onto the server altogether, full stop.
Thanks.
Posted: Mon May 16, 2005 4:41 am
by someberry
Anyone got any ideas?
Posted: Mon May 16, 2005 7:16 am
by phpScott
What you could do, when the file is uploaded, is open up the permissions on the folder to allow writing to it but no execution. When the move has taken place, reset the permissions on the file and folder to read only. Or just the folder to read only.
When a file is requested to be downloaded, reopen the permissions on the folder but not the files to allow the download, then reset the permissions again.