php upload, security concerns
Posted: Mon Feb 09, 2004 7:36 pm
Hi all, I hope this post is appropriate for this forum. Here goes:
My goal is the following: Allow users to upload files to my website/server (for storage purposes only).
My intended implementation: Accepting uploads via HTTP POST (with PHP).
My concern: That a malicious user will write a script that uploads tons of files continuously until my server's hard disk is full and crashed.
Some precautions that I intend to take:
1) setting a max upload size in the php.ini file
2) Running the PHP script under SSL, and authenticating the user first (the problem is that we want to allow "trial" members...so even authenticated users might be malicious)
3) Have a separate disk partition which is where all uploaded files go to. Think of it as a "loading dock." All uploads go here first, and then a separate PHP script rummages through the loading dock, verifying that files are ok and that there's enough space before adding them to the main partition of our server.
Is #3 a good idea? Is it necessary? Perhaps the temporary location for PHP uploads would suffice as a loading dock? But should I stick this dock on a separate partition? I'd appreciate any comments on my proposed implementation/precautions, or alternate implementations. Thanks!
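As an added example (not code from the original post), here is how the "loading dock" design with the per-file cap, a per-account quota and a free-space reserve on the dock partition can be enforced in the PHP upload handler itself, on top of the php.ini limits (upload_max_filesize, post_max_size). The dock path, the numeric limits, the `acceptUpload`/`userDockUsage` function names and the `$currentUser` variable are assumptions for the example; the authentication step is assumed to have already happened.

```php
<?php
// Dock partition mount point and limits (all values are assumptions for the example).
const DOCK_DIR       = '/srv/upload-dock';
const MAX_FILE_BYTES = 5 * 1024 * 1024;     // per-file cap, enforced in code as well as php.ini
const USER_QUOTA     = 50 * 1024 * 1024;    // total bytes one account may hold in the dock
const FREE_RESERVE   = 500 * 1024 * 1024;   // never let the dock drop below this much free space

function userDockUsage(string $user): int {
    // Bytes this user already has waiting in the dock.
    $total = 0;
    foreach (glob(DOCK_DIR . "/$user/*") ?: [] as $path) {
        $total += filesize($path);
    }
    return $total;
}

function acceptUpload(array $file, string $user): string {
    // $file is one entry of $_FILES; $user is the already-authenticated account name.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $user)) {
        throw new RuntimeException('invalid user id');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    $size = (int) $file['size'];
    if ($size <= 0 || $size > MAX_FILE_BYTES) {
        throw new RuntimeException('file exceeds the per-file limit');
    }
    if (userDockUsage($user) + $size > USER_QUOTA) {
        throw new RuntimeException('account quota exceeded');
    }
    if (disk_free_space(DOCK_DIR) - $size < FREE_RESERVE) {
        throw new RuntimeException('dock partition is nearly full, try again later');
    }
    $userDir = DOCK_DIR . '/' . $user;
    if (!is_dir($userDir) && !mkdir($userDir, 0750, true)) {
        throw new RuntimeException('cannot create user directory');
    }
    // Random server-chosen name: the client-supplied filename is never used as a path.
    $dest = $userDir . '/' . bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move file into the dock');
    }
    chmod($dest, 0640); // not executable, not world-readable
    return $dest;
}

// From the POST handler: $path = acceptUpload($_FILES['userfile'], $currentUser);
```

Because the dock is its own partition, even a trial account that defeats the quota check can only fill the dock, not the main partition; the separate verification script then decides what is promoted out of it.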