上传照片 - 我怎样才能保持我们的网站安全/稳定 [英] Uploading photos - How can I keep our website safe/stable

问题描述

我的网站希望用户上传自己的照片......但我要如何保持我们的服务器的安全不受伤害？只允许JPG格式应避免病毒作怪，但如果有人选择10GB的文件 - 将减缓整个网站下载下来

My website would like users to upload their photos...but how do I keep our server safe from harm? Allowing only JPGs should avoid virus trouble, but what if someone selects a 10Gb file - will that slow the whole website down?

我们使用的是传统的ASP和IIS6（抱歉，但是这是怎么回事，无法改变的！）。 previously我们已经从一个叫做Persits处理上传公司使用的DLL。然而，这将有助于其他人，如果我们太扩展这个讨论其他语言/技术。

We're using Classic ASP and IIS6 (sorry, but that's how it is, can't change that!). Previously we have used a DLL from a company called Persits to handle uploads. However, it would be helpful to other people if we extend this discussion to other languages/technologies too.

平均价格无法检测文件的大小，因此是一种痛苦。或者，我可以检查内容长度的HTTP头之前，我开始转移？

ASPs cannot detect the size of a file until it has finished uploading, so thats a pain. Or can I check content-length in the HTTP header before I start the transfer?

Q1。是否有任何其他方式有人可能会滥用上载工具？

Q2。如何限制的危险保持网站的运行和服务器安全吗？

Q1. Are there any other ways someone could abuse the upload facility?
Q2. How can I limit the danger to keep the site running and the server safe?

感谢您。

推荐答案

在仍然存在，您可以设置用户可以上传文件的最大尺寸：

In Persists, you can set the maximum filesize a user can upload:

Upload.SetMaxSize 100000, True

真实上面显示该文件，如果超过最大尺寸被拒绝。如果设置为false，那么该文件将被trucated。

The "True" above shows that the file is to be rejected if over the Max size. If set to False then the file will be trucated.

请参阅 http://www.aspupload.com/object_upload.html#SetMaxSize

这篇关于上传照片 - 我怎样才能保持我们的网站安全/稳定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！