This is the first time I am building a web app for the sole purpose of processing user-uploaded files, and I have a few questions in regards to how this is normally done:
- Are there any security issues that I have to take into account? The files to be processed are in essence text files that my app will read line by line. Should I limit the file upload extension, and/or are there any other precautions I should take into account?
- What is the best organization method for uploaded files? These files do not need to be stored permanently in my app, so should I just dump them in a general “Data” folder and delete whatever is no longer needed?
- Are there any other important aspects to building web apps with similar functionalities that I’ve missed?
Thanks
The only security issue you have to watch for is inserting the raw text (without data scrubbing to prevent SQL injections) into the database. If there is no database involved, you should be fine. As for extensions, limiting extensions is really a poor top-level filter. It’s good to have, but it’s only peering skin deep into what the file really contains. A file size limit would also help.
Saving to the disk can be costly with a large number of transactions, but on the other hand, it will clutter your server memory less as more requests/more threads are being used. You can also work with the files in memory, but for large files, it may end up being detrimental. Consider what you’re working with and choose the best approach.
Define a timeout so that large uploaded files won’t be occupying unnecessary server processes when in the end it’s too large anyway.
I am assuming that you’re working with ASP.NET’s FileUpload control. Bear in mind that the file does not persist through postbacks (to prevent a security loophole), so the user has to keep browsing to the file each time the page is requested. This is a nuisance if you have server-side validators.
Edited to answer comment:
By working in-memory, I am talking about manipulating the file uploaded purely through code without resorting to saving it physically on the server’s disk.
For instance, if you’re using a FileUpload control, then the user’s file can be accessed through a Stream object, FileUpload.FileContent, or as a byte array, FileUpload.FileBytes (API Reference). Since that’s a Stream you can just read the file on the fly without having to save it first.
Markup:
Codebehind:
See? No need to save to the disk at all.
fileUploadControl.FileBytes contains a byte array of the data uploaded. If you wanted to save to a file, then you can just use the stream to write to the disk.
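The answer above names the pieces separately: an extension filter that only looks skin deep, a file size limit, reading the upload straight from the control's Stream instead of saving it, and not putting raw text into SQL. The following is an added example that puts them together in one streamed pipeline; it is not code from the original post and not part of ASP.NET. It is written in Python so that it runs stand-alone: an in-memory io.BytesIO over constructed sample bytes stands in for the Stream that FileUpload.FileContent would give you, and the size limits, the allowed extension set, the upload_line table and the function names are all assumptions chosen for illustration.

```python
import io
import os
import sqlite3

# Assumed limits and policy for illustration; tune them for the real app.
MAX_UPLOAD_BYTES = 1024 * 1024   # total size cap, enforced on bytes actually read
MAX_LINE_BYTES = 4096            # anything longer is not a line of a text record
ALLOWED_EXTENSIONS = {".txt", ".csv", ".log"}
CHUNK = 64 * 1024

class UploadRejected(ValueError):
    """Upload failed a check; the message is safe to show to the user."""

def check_extension(client_filename: str) -> str:
    """Skin-deep first filter. Only the base name is used: the client controls
    the filename and may send something like ..\\..\\x.txt."""
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} not allowed")
    return base

def _decode_line(raw: bytes, max_line: int) -> str:
    if len(raw) > max_line:
        raise UploadRejected(f"line longer than {max_line} bytes")
    try:
        return raw.rstrip(b"\r").decode("utf-8")  # strict: a renamed binary fails here
    except UnicodeDecodeError as exc:
        raise UploadRejected("upload is not valid UTF-8 text") from exc

def iter_text_lines(stream, max_bytes=MAX_UPLOAD_BYTES, max_line=MAX_LINE_BYTES):
    """Yield decoded lines straight from the stream, never touching the disk.
    The size cap counts bytes actually read rather than a client-declared length,
    a NUL byte rejects the file as binary whatever its extension says, and line
    length is bounded so one endless "line" cannot grow the buffer without limit."""
    seen, buf = 0, b""
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        seen += len(chunk)
        if seen > max_bytes:
            raise UploadRejected(f"upload exceeds {max_bytes} bytes")
        if b"\x00" in chunk:
            raise UploadRejected("binary content (NUL byte) in a text upload")
        *lines, buf = (buf + chunk).split(b"\n")
        for raw in lines:
            yield _decode_line(raw, max_line)
        if len(buf) > max_line:
            raise UploadRejected(f"line longer than {max_line} bytes")
    if buf:  # last line had no trailing newline
        yield _decode_line(buf, max_line)

def store_lines(conn: sqlite3.Connection, upload_id: str, lines) -> int:
    """Parameterized insert: line text is bound, never spliced into the SQL.
    The transaction rolls back every row if a later line is rejected."""
    count = 0
    with conn:
        for n, body in enumerate(lines, start=1):
            conn.execute("INSERT INTO upload_line (upload_id, n, body) VALUES (?, ?, ?)",
                         (upload_id, n, body))
            count += 1
    return count

def process_upload(client_filename: str, stream, conn: sqlite3.Connection) -> int:
    """Extension filter, then streamed content checks, then parameterized insert."""
    return store_lines(conn, check_extension(client_filename), iter_text_lines(stream))

# Constructed sample uploads, not real user data.
GOOD_UPLOAD = b"alpha,1\nbob'); DROP TABLE upload_line;--,2\ncharlie,3\n"
RENAMED_BINARY = b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 64  # an ELF header named notes.txt
LATIN1_TEXT = b"caf\xe9,4\n"                                 # valid Latin-1, not UTF-8

def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE upload_line (upload_id TEXT, n INTEGER, body TEXT)")
    results = {"good": process_upload("../report.txt", io.BytesIO(GOOD_UPLOAD), conn)}
    cases = [("notes.txt", RENAMED_BINARY), ("payload.exe", GOOD_UPLOAD), ("latin1.txt", LATIN1_TEXT)]
    for name, data in cases:
        try:
            process_upload(name, io.BytesIO(data), conn)
            results[name] = "accepted"
        except UploadRejected as exc:
            results[name] = str(exc)
    try:  # small cap so the demo exercises the size check quickly
        list(iter_text_lines(io.BytesIO(b"x\n" * 600), max_bytes=1000))
        results["oversize"] = "accepted"
    except UploadRejected as exc:
        results["oversize"] = str(exc)
    results["rows"] = conn.execute("SELECT COUNT(*) FROM upload_line").fetchone()[0]
    results["upload_id"] = conn.execute("SELECT DISTINCT upload_id FROM upload_line").fetchone()[0]
    return results

if __name__ == "__main__":
    print(demo())
```

Running it shows each outcome: the good upload contains a line that looks like an injection payload and is stored as plain data because the insert is parameterized, the "../" in its client filename is dropped before the name is used, the .exe is stopped by the extension filter, and the ELF and Latin-1 files, which the extension filter would have let through as .txt, are caught by the NUL and strict UTF-8 checks while being read. Because the checks run on the stream as it is consumed, nothing is written to a "Data" folder at all, which also removes the cleanup question.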