Make ASP.Net file upload secure

Question


I'm creating an ASP.Net form with a FileUpload control which will then email the details of the form and the file to another admin. I want to ensure this is secure (for the server and the recipient). The attachment should be a CV, so I will restrict it to typical text documents.

From what I can tell the best bet is to check that the file extension or MIME type is of that kind and check it against the "magic numbers" to verify that the extension hasn't been changed. I'm not too concerned about how to go about doing that but want to know if that really is enough.

I'd also be happy to use a third party product that takes care of this and I've looked at a couple:

blueimp jQuery file upload http://blueimp.github.io/jQuery-File-Upload/

and cutesoft ajaxuploader http://ajaxuploader.com/Demo/

But the blueimp one still seems to require custom server validation (I guess, just being jQuery, it only handles client-side validation) and the .NET one checks that the MIME type matches the extension, but I thought the MIME type followed the extension anyway.

So,

Do I need to worry about server security when the file is added as an attachment but not saved? Is there a plugin or control that takes care of this well? If I need to implement something for server validation myself, is matching the MIME type to the "magic numbers" good enough?

I'm sure nothing is 100% bulletproof, but file upload is pretty common stuff and I assume most implementations are "safe enough" - but how!?

If it's relevant, here is my basic code so far

<p>Please attach your CV here</p>
<asp:FileUpload ID="fileUploader" runat="server" />

and on submit

using System;
using System.Net.Mail;

MailMessage message = new MailMessage();
if (fileUploader.HasFile)
{
    try
    {
        // PostedFile.ContentType is a full media type such as "text/plain",
        // so compare the type prefix; testing equality with "text" never matches.
        if (fileUploader.PostedFile.ContentType.StartsWith("text/"))
        {
            // check magic numbers indicate same content type... if(){}

            if (fileUploader.PostedFile.ContentLength < 102400)
            {
                // GetFileName drops any directory part the client may have sent
                string fileName = System.IO.Path.GetFileName(fileUploader.PostedFile.FileName);
                message.Attachments.Add(new Attachment(fileUploader.PostedFile.InputStream, fileName));
            }
            else
            {
                // show a message saying the file is too large
            }
        }
        else
        {
            // show a message saying the file is not a text based document
        }
    }
    catch (Exception ex)
    {
        // display ex.Message;
    }
}

Solution

A server can never be 100% secure, but we should do our best to minimize the risk of an incident. I should say at this point that I am not an expert, I am just a computer science student. So, here is an approach that I would follow in such a case. Please comment with any additional tips you can give.

Generally speaking, to have a secure form, all client inputs must be checked and validated. Any information that does not originate from our system is not trusted.

Inputs from the client in our case:

• file's name
  • name
  • extension
• file's content

Extension

We don't really care about the mimetype, this is info for a web server. We care about the file extension, because this is the indicator for the OS on how to run/read/open a file. We have to support only specific file extensions (whatever your admin's PC can handle); there is no point supporting unknown file types.

Name (without the extension)

The name of the file is not always valuable info. When I deal with file uploading I usually rename it (set it) to an id (a username, a time-stamp, hashes etc). If the name is important, always check/trim it; if you only expect letters or numbers, delete all other chars (I avoid leaving "/", "\", "." because they can be used to inject paths).

So now we suppose that the generated file name is safe.

Content

When you support no structured files, you just cannot validate the file's content. Thus, let an expert program do this for you... scan them with an antivirus. Call the antivirus from the console (carefully, use mechanics that avoid injections). Many antivirus programs can scan zip contents too (a malicious file in a folder on your server is not a good idea). Always keep the scan program updated.

In the comments I suggested zipping the file, in order to avoid any automatic execution on the admin's machine and on the server. The admin's machine's antivirus can then handle it before unzipping.

Some more tips: don't give more information to the client than he needs... don't let the client know where the files are saved, don't let the web-server access them for distribution if there is no need to. Keep a log of weird actions (slashes in filenames, too big files, too long names, warning extensions like "sh" "exe" "bat") and report to the admins with an email if anything weird happens (it is good to know if your protections work).

All of this creates server workload (more system holes), so you may want to count the number of files that are being scanned/checked at the moment before accepting a new file upload request (that is where I would launch a DDoS attack).

With a quick Google search: Avast! For Linux - Command Line Guide. I do not promote Avast, I am just showing it as an existing example.

Last but not least, you are not paranoid; I manage a custom translation system that I coded... spam and hack attacks have occurred more than once.

Some more thoughts: JavaScript running on a web-page is only secure for the client's computer (thanks to the browser's security). We can use it to prevent invalid posts to the server, but this does not ensure that such requests will not be made, as JavaScript can be bypassed/edited.

So, all JavaScript solutions are only for a first validation (usually just to help the user correct mistakes) and to correctly set the form data.
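Added example (not code from the question or the answer) putting the answer's server-side checks, plus the magic-number check the question asks about, into C#: an extension allowlist, a check that the content's leading bytes agree with the client-supplied extension, and a generated name that discards the client's. The UploadCheck class and Validate method are assumed names; the 100 KB limit is the one in the question's code; the byte signatures are the standard ones for PDF, OLE2 (.doc) and ZIP (.docx).

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Example added to the answer above; UploadCheck and Validate are assumed names.
public static class UploadCheck
{
    // Allowed extension -> accepted leading byte sequences (magic numbers).
    // ".docx" is a ZIP container, ".doc" is an OLE2 compound document.
    static readonly Dictionary<string, byte[][]> Signatures =
        new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase)
        {
            { ".pdf",  new[] { new byte[] { 0x25, 0x50, 0x44, 0x46, 0x2D } } },            // "%PDF-"
            { ".docx", new[] { new byte[] { 0x50, 0x4B, 0x03, 0x04 } } },                  // "PK\3\4"
            { ".doc",  new[] { new byte[] { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 } } },
        };

    public const int MaxBytes = 102400; // the size limit used in the question's code

    // Returns a generated safe file name, or null with a reason worth logging
    // (the answer suggests logging odd names, sizes and extensions).
    public static string Validate(string clientFileName, byte[] content, out string reason)
    {
        reason = null;
        if (content == null || content.Length == 0 || content.Length >= MaxBytes)
        { reason = "size out of range"; return null; }

        // Separators in a browser-supplied file name are a sign of a crafted request.
        if (string.IsNullOrEmpty(clientFileName) || clientFileName.IndexOfAny(new[] { '/', '\\' }) >= 0)
        { reason = "empty name or path separator in file name"; return null; }

        string ext = Path.GetExtension(clientFileName);
        byte[][] signatures;
        if (string.IsNullOrEmpty(ext) || !Signatures.TryGetValue(ext, out signatures))
        { reason = "extension not allowed: " + ext; return null; }

        // The extension is client-controlled, so the content's magic number must agree with it.
        bool matches = signatures.Any(s => content.Length >= s.Length && content.Take(s.Length).SequenceEqual(s));
        if (!matches)
        { reason = "content does not match extension " + ext; return null; }

        // Discard the client's name entirely: random id plus the verified extension.
        return Guid.NewGuid().ToString("N") + ext.ToLowerInvariant();
    }
}
```

The ZIP signature only proves a .docx is a ZIP container, not that it is a Word document, so the antivirus scan the answer recommends still applies to files that pass this check.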
