文件上传安全问题 [英] File upload security Concern

问题描述

我有一个公开的Web表单，它具有文件上传功能.现在，文件要么保存在Web服务器上，要么作为附件发送到电子邮件中.我们对大小有限制，即15MB和正在上传的文件扩展名.我们的SMTP服务器位于同一Web服务器上.我担心安全性，因为任何人都可以上传恶意文件，并且可能对我们的生产Web服务器产生影响.

I am having a web form available to public, which has file upload capability. Now files are either saved on web server or sent out as attachment in an email. We are having restriction on size i.e 15MB and extensions of file being uploaded. Our SMTP server is on same web server. I have concern about security, as anyone can upload malicious files and can have impact on our production web server.

通过这种可供公众使用的文件上传控制，我将面临哪些风险?无论如何，有人可以通过上传恶意文件在Web服务器上执行恶意脚本.

What are the risks I will be having by such file upload control available to public? Is there anyway someone can execute malicious script on web server by uploading malicious file.

我做了一些研究，发现了以下几点

I did some research and found out following points

1. 如果我以电子邮件附件形式发送文件，则该文件将在Temporary ASP .Net文件夹中临时存储，一旦发送电子邮件，该文件将被删除.
2. 您可以重命名文件，然后再将其保存在文件系统上.
3. 您可以将文件保存在网站的其他位置
4. 您可以进行某种实时病毒检查.我不确定您该怎么做.我正在阅读有关某些命令行病毒扫描的信息.但不确定我是否真的需要.

这些只是几点，但是我想知道文件上传中的任何盲点.

These are just few points, but I would like to know about any blind spots in file upload.

推荐答案

要回答有关可能的安全漏洞的问题，是的，即使您不将文件保存到应用程序中，也可以在应用程序和用户中确定创建漏洞.磁盘.但是，您可以采取一些防御措施来进行验证.

To answer your question about possible security vulnerabilities, yes you can definately create vulnerabilities in your application and for your users even if you don't save the file to the disk. But there are a few lines of defense you can take to validate.

首先，显然要限制可以上传的文件的类型，您可以使用白名单并检查扩展名，但不要就此止步. /strong>您还应该通过查看文件内容来进行验证，以确保文件符合预期的格式.这很关键，因为一个坏人可以将文件头插入上载的文件中，并将您的系统用作传播其恶意软件的僵尸.

The first is to obviously restrict the types of files that can be uploaded, you can do this with a white list and a check of the extension but don't stop there. You should also verify by looking at the contents of the file to ensure that it complies with the expected format. This can be critical as a bad guy can inject file headers into the file uploaded and use your system as a zombie for passing around his malware.

第二，您应该对上传的文件运行病毒扫描，您可以通过使用命令行执行本地病毒扫描程序来执行此操作.对于包括趋势科技在内的许多病毒扫描来说，这都是一件容易的事，除非您正在查看大量文件上传，否则这对您的服务器来说应该不算是一个大负担.

Second you should run a virus scan against the uploaded file, you can do this by using a command line to execute a local virus scanner. This is an easy thing to do with many virus scans including Trend Micro, and unless you're looking at a massive amount of file uploads then it should not be a huge tax on your server.

确保您从不通过路径作为用户提交的数据(通过GET或POST下载)，因为这会使您遭受路径遍历攻击.如果您的用户需要从浏览器下载文件，则可以创建一个存储记录的数据库，然后创建一个控制器或页面，该控制器或页面将根据数据库记录和用户对记录的访问来获取文件，而不是提供一个用户可以控制并用来从服务器获取文件的路径.

Ensure that you never pass paths as user submitted data (via GET or POST to download) as that can expose you to a path traversal attack. If your user needs to download the file from the browser you can create a database of where the records are stored and then create a controller or page that will fetch it based on the database record and the users access to that record, rather than provide a path which a user can control and use to get files from your server.

确保要保存到的目录无法由网络服务器读取，这样，他们就不会上传恶意软件脚本，而是通过HTTP从浏览器执行该脚本

Ensure that the directory you will save to is not readable by the web server, this way they don't upload a malware script and then execute it from their browser via an HTTP

确保您针对某个反XSS库验证所有用户输入(Microsoft提供了一个 http://www.microsoft.com/zh-cn/download/details.aspx?id=28589 )

Ensure that you validate all user input against some anti-XSS library (Microsoft provides one http://www.microsoft.com/en-us/download/details.aspx?id=28589)

希望有帮助！

这篇关于文件上传安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！