Although I realise there are different approaches to securing upload process, I’m still confused when it comes to basic principles. I want to allow users to upload any kind of file they want, but keep my app secure. So my question is:
Is it sufficient to store the files with their original names in ‘uploads’ folder outside ‘webroot’ and fetching them via some download.php script?
If it’t not secure enough, please point me in the right direction, or suggest what additional steps I should take to make it safe.
Thank you.
No, it isn’t enough.
When you save the uploaded file, you must ensure that nothing malicious happens (e.g. if the file’s “original name” was something like “../somewhere else” it might be possible to overwrite another file, including some PHP script under public_html, which would then allow a cracker to obtain a higher level of access). It’s probably wisest to generate a random name or at least sanitise the original filename before using it.
In a similar way, download.php must be immune to being ‘tricked’ into retrieving a file that is outside the download directory.