安全风险或担心使用asp.net的FileUpload控件 - 以及建议的解决方案 [英] Security Risks or concerns with the use of FileUpload control of asp.net - and suggested solutions
问题描述
我正在寻找一个实用工具,通过它,用户可以使用asp.net FileUpload Server控件上传singh或多个文件。同样的安全担忧。我们脑子里有什么要违反安全的要点。如何提示用户病毒并终止上传操作
可能存在多种安全风险。请讨论提出的解决方案的问题/风险。
对此的任何答复都是最明显的。
解决方案
风险都是围绕调皮的人上传可以在网络服务器上执行的东西而引起问题。防止恶意文件上传相关问题的实用方法是通过检查 PostedFile.ContentType来限制服务器将接受的文件类型。 code>属性。这标识了MIME类型。最好是排除像 .exe 之类的东西,然后在MS Office生成的文件(如 .doc 和 .xls 。
I have to create a utility through which user can able to upload singh or multiple files with the use of asp.net FileUpload Server control.
I am looking for Security concern for the same. What are the points need to keep in our minds which violate security. One main issue is in my mind is related to Viruses - means
- How to prompt user for viruses and terminate the upload operation
- How to scan files for viruses during upload operation
There may be several Security risks. Please discuss the issues/risks with proposed solutions.
Any reply for this most appreciable.
Thanks in advance
The risks all centre around the fact that naughty people will upload things that can execute on the web server machine and cause problems.
A pragmatic way of preventing issues relating to malicious file uploads is to restrict the file types your server will accept by checking the PostedFile.ContentType property. This identifies the MIME-type. Best to exclude things like .exe and then of course there are issues around macros and VBA automation in MS Office-generated files like .doc and .xls.
There's a 'how to' here: How to restrict file type in FileUpload control
这篇关于安全风险或担心使用asp.net的FileUpload控件 - 以及建议的解决方案的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
