Ideas for Improving ASP and ASP.NET Web Application Security - Part 2
by Brett Burridge

Be wary of uploaded files

If you have a file upload facility within your website then it is critical to perform a check on the types of files that may be uploaded.  This is especially critical if the uploaded content is going to be saved to a folder that is accessible via the web.  This is because an uploaded file of an executable type could be run on the server by a user who makes a standard browser request for the file once it has been uploaded.

Although it is essential to black-list certain file types (such as .asp, .aspx, and if your server supports it, .php), a safer alternative is to provide a white-list of specific file types that can be uploaded (such as .jpg, .gif and .png for an image upload facility).  It is also worthwhile including a maximum file size that can be uploaded - most file uploading server components allow such a limit to be set.
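The white-list and size limit described above could be enforced with a check like the following. This is an added example, not code from the original article; the class name, the 2 MB limit, the leading-bytes check and the server-generated file name are assumptions that go slightly beyond the text. In an ASP.NET page the three arguments would come from the `FileName`, `ContentLength` and `InputStream` properties of `HttpPostedFile`.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

public static class ImageUploadValidator
{
    // Assumed limit for this example (2 MB); set it to suit the application.
    public const long MaxBytes = 2 * 1024 * 1024;

    // White-list: permitted extension -> byte sequences a genuine file of that type starts with.
    private static readonly Dictionary<string, byte[][]> Allowed =
        new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".jpg", new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".png", new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } } },
        { ".gif", new[] { Encoding.ASCII.GetBytes("GIF87a"), Encoding.ASCII.GetBytes("GIF89a") } }
    };

    // Returns a server-generated file name if the upload is acceptable, otherwise null.
    // The stream must be seekable so it can be rewound for saving afterwards.
    public static string TryAccept(string clientFileName, long length, Stream content)
    {
        if (string.IsNullOrEmpty(clientFileName) || length <= 0 || length > MaxBytes)
            return null;

        // Only the final extension is considered, so "photo.jpg.aspx" is seen as .aspx.
        string ext;
        try { ext = Path.GetExtension(Path.GetFileName(clientFileName)); }
        catch (ArgumentException) { return null; } // illegal characters in the name

        byte[][] signatures;
        if (!Allowed.TryGetValue(ext, out signatures))
            return null; // anything not on the white-list is rejected

        // Read the first bytes and confirm the content matches the claimed type.
        byte[] header = new byte[8];
        int read = 0, n;
        while (read < header.Length && (n = content.Read(header, read, header.Length - read)) > 0)
            read += n;
        content.Position = 0;
        if (!signatures.Any(s => read >= s.Length && header.Take(s.Length).SequenceEqual(s)))
            return null;

        // Never reuse the client-supplied name on disk; keep only the vetted extension.
        return Guid.NewGuid().ToString("N") + ext.ToLowerInvariant();
    }
}
```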

If you intend to use uploaded files (such as resumes submitted by candidates on a job vacancies site) then it is also a good idea to implement a virus checking facility that scans the content before it reaches the business processes that make use of the uploaded file.

