I have a file upload script which will be available to the general public (e.g. not a closed work environment) and I'm concerned about security:
I want to allow any file to be uploaded, each file will be uploaded to its own unique directory. Obviously, I can't control if people upload malicious files, but what is the best approach to handle those files?
I thought of:
Removing the extension altogether, and only when serving the files to download, give them their original extension back (because all files names and locations will be saved in db)
Creating a “safezone” to disallow the run of several extensions in the directory.
Disallowing the upload of "unsafe" extensions.
Of course the problems are:
there are way too many “unsafe” file extensions to count them all.
one could mask a file as “safe” although it contains some code.
and many other security risks…
so… any suggestions?
If all you’re doing is acting as a file store, what do you care? You’re not executing the files or looking at them in any way, are you?
A file extension has nothing to do with how safe a file is.
Edit: What you would really do is store your filename in a database along with a checksum of the full path. Then your script would be passed that checksum, which would then look up in your database, and then you’d return the file somehow. Don’t use your webserver to serve up the file, else (as you say in comments below) you could accidentally execute an uploaded PHP file.
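The scheme the answer describes, written out as an added example (this is illustrative code, not the poster's script or any particular project's): the upload is written under a random name with no extension, the original filename and a checksum go into a database, and downloads go through a script that looks the record up by an opaque token and sends the bytes as an attachment. Two assumptions beyond the answer: the lookup key is a random token rather than a checksum of the path, and the database is an in-memory SQLite table standing in for whatever the real store is. `FileStore`, `sanitize_filename`, `demo` and the constructed sample upload are all names made up here.

```python
"""Opaque-token file store (added example).

Uploads are written without their extension under random names, metadata
lives in a database, and downloads are produced by a script rather than by the
web server's static file handler, so an uploaded .php file is never executed.
"""
import hashlib
import os
import re
import secrets
import sqlite3
import tempfile
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Anything outside this set is replaced before a name is stored or echoed back.
_SAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_filename(name: str) -> str:
    """Reduce a client-supplied name to one safe path component for the download header."""
    # Drop any directory part, whether the client used / or \ separators.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Replace unexpected characters and refuse dot-only or hidden-file names.
    name = _SAFE_CHARS.sub("_", name).lstrip(".")
    return name[:128] or "download"


@dataclass(frozen=True)
class StoredFile:
    token: str
    stored_path: str
    original_name: str
    size: int
    sha256: str


class FileStore:
    def __init__(self, root: str):
        self.root = root
        os.makedirs(root, exist_ok=True)
        # In-memory SQLite stands in for the real database (assumption for the example).
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE uploads (token TEXT PRIMARY KEY, stored_path TEXT, "
            "original_name TEXT, size INTEGER, sha256 TEXT)"
        )

    def store(self, original_name: str, data: bytes) -> str:
        """Write the bytes under a random, extension-less name and return the download token."""
        token = secrets.token_hex(16)  # unguessable public handle, unrelated to the path
        # No extension on disk: there is nothing for a web server to map to a handler.
        stored_path = os.path.join(self.root, secrets.token_hex(16))
        with open(stored_path, "wb") as fh:
            fh.write(data)
        self.db.execute(
            "INSERT INTO uploads VALUES (?, ?, ?, ?, ?)",
            (token, stored_path, sanitize_filename(original_name), len(data),
             hashlib.sha256(data).hexdigest()),
        )
        self.db.commit()
        return token

    def lookup(self, token: str) -> Optional[StoredFile]:
        row = self.db.execute(
            "SELECT token, stored_path, original_name, size, sha256 "
            "FROM uploads WHERE token = ?", (token,),
        ).fetchone()
        return StoredFile(*row) if row else None

    def download(self, token: str) -> Tuple[int, Dict[str, str], bytes]:
        """Build the response the download script would send: (status, headers, body)."""
        rec = self.lookup(token)
        if rec is None:
            return 404, {"Content-Type": "text/plain"}, b"not found"
        with open(rec.stored_path, "rb") as fh:
            body = fh.read()
        if hashlib.sha256(body).hexdigest() != rec.sha256:
            # Bytes on disk no longer match what was recorded at upload time.
            return 500, {"Content-Type": "text/plain"}, b"integrity check failed"
        headers = {
            # Generic type plus nosniff: the browser downloads, it does not render or guess.
            "Content-Type": "application/octet-stream",
            "X-Content-Type-Options": "nosniff",
            "Content-Disposition": f'attachment; filename="{rec.original_name}"',
            "Content-Length": str(len(body)),
        }
        return 200, headers, body


def demo() -> dict:
    """Constructed scenario: store a file named like a PHP script, then fetch it back."""
    store = FileStore(tempfile.mkdtemp(prefix="uploads-"))
    token = store.store("../shell.php", b"<?php echo 'hi'; ?>")  # constructed sample upload
    status, headers, body = store.download(token)
    missing_status, _, _ = store.download("0" * 32)  # unknown token
    return {"store": store, "token": token, "status": status,
            "headers": headers, "body": body, "missing_status": missing_status}


if __name__ == "__main__":
    result = demo()
    print(result["status"], result["headers"]["Content-Disposition"])
```

The point of the layout is that the directory the bytes land in is never exposed by the web server at all; the only public interface is the token, and the response headers tell the browser to save the file under its original name rather than interpret it.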