Securing file upload


Question

I wrote a web site for a small company several years ago, while I was studying. I have come to the realization that my security skills were not as good as they should have been, and recently the site was hacked and malicious php-code was uploaded using a form which was meant for image uploads.

I have since moved on to the .NET world and whilst I know how to secure file uploads in .NET I really have no idea how to do it using PHP. I am sorry that I can not provide any source code, and I am therefore not expecting anyone to post any direct fixes for my code.

What I hope is that someone can show me a good approach to server-side analysis to ensure that the uploaded $FILES array content is in fact an image or an audio-file, or at the very least that it is not a php-file.

Solution

Glad you asked. This is a tricky subject, and few application developers are aware of the security risks.

I'll give you a summary of the approaches you should take, and some reading to learn more. Make sure you read the additional reading, because my summary is incomplete.

Summary:

  1. Host the user-uploaded content on a separate domain. This is the most important and reliable defense you can take.

  2. Check the MIME type of the uploaded file, when it is uploaded, to make sure it is on a whitelist of safe MIME types. Generate a new random filename to save it under. In the case of some file types, such as images, consider re-coding it (e.g., transform to PNG, or use ImageMagick to convert it from its filetype to the same filetype), as this may defeat some attacks.

  3. When the file is downloaded/retrieved, make sure to set the Content-Type: header explicitly to the safe MIME type. Also set an X-Content-Type-Options: nosniff header. If you don't intend for the file to be viewed in the browser, send a Content-Disposition: attachment header, too, to make the browser treat it as a file download.

  4. Scan file uploads for viruses or malware.

Reading:
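Since the asker wanted a PHP approach, the following is an added example of steps 2 and 3 of the answer as an upload handler and a download handler. It is not code from the question or the answer. It assumes PHP 8 with the `fileinfo` and `gd` extensions loaded, a hypothetical `UPLOAD_DIR` that lies outside the web root (so nothing in it can ever be executed by the web server), and a whitelist limited to the types the site actually needs. One point the answer's summary leaves implicit: the type check must be made on the file's content (here via `finfo`), never on `$_FILES['type']`, which is supplied by the client and was presumably "image/jpeg" on the attacker's PHP upload too.

```php
<?php
// Added example, not part of the original question or answer.
// Assumptions: PHP 8, ext/fileinfo and ext/gd available, UPLOAD_DIR outside the
// document root. Step 1 of the answer (a separate domain for uploaded content)
// and step 4 (malware scanning) are deployment concerns and are only marked below.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads';      // hypothetical; must NOT be web-served
const MAX_BYTES  = 5 * 1024 * 1024;

// Whitelist keyed by the *sniffed* MIME type; the value is the extension we store under.
const ALLOWED = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
    'audio/mpeg' => 'mp3',
    'audio/ogg'  => 'ogg',
];

// Content-based detection (libmagic). $_FILES['type'] is client-controlled and ignored.
function detectMime(string $path): string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return $mime === false ? 'application/octet-stream' : $mime;
}

// Validates one entry of $_FILES and stores it; returns the new random filename.
function handleUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('bad size');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    $mime = detectMime($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("type not allowed: $mime");
    }
    // Random name chosen by us: the client's filename (".php", "x.jpg.php",
    // "../", null bytes) never reaches the filesystem.
    $ext  = ALLOWED[$mime];
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;

    if (str_starts_with($mime, 'image/')) {
        // Step 2 re-coding: a valid GIF/JPEG with PHP appended (or hidden in EXIF)
        // still sniffs as an image, so decode to pixels and write a fresh file.
        // GD drops metadata and trailing bytes; animated GIFs become a single frame.
        $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
        if ($img === false) {
            throw new RuntimeException('image failed to decode');
        }
        $ok = match ($ext) {
            'png' => imagepng($img, $dest),
            'jpg' => imagejpeg($img, $dest, 85),
            'gif' => imagegif($img, $dest),
        };
        imagedestroy($img);
        if (!$ok) {
            throw new RuntimeException('re-encode failed');
        }
    } elseif (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    // Step 4 would go here: hand $dest to a malware scanner before it is served.
    return $name;
}

// Step 3: serve by our own stored name; the MIME type comes from the extension we
// chose at upload time, and the browser is told not to second-guess it.
function serveUpload(string $name, bool $inline = false): void
{
    if (!preg_match('/^[a-f0-9]{32}\.(png|jpg|gif|mp3|ogg)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $mime = array_search(pathinfo($name, PATHINFO_EXTENSION), ALLOWED, true);
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: ' . ($inline ? 'inline' : 'attachment') . '; filename="' . $name . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

// Usage in the endpoints (illustrative):
//   $stored = handleUpload($_FILES['upload']);      // POST handler
//   serveUpload($_GET['f'] ?? '', inline: true);    // GET handler for <img src=...>
```

The magic-byte check on its own is not a guarantee: libmagic only looks at the header, so a file that is simultaneously a valid image and a valid PHP script passes it. The defence is layered: the re-encode destroys the non-image bytes, the random name denies the attacker control of the extension, and the directory is never executable or directly served, so even a file that slips through cannot run. Serving from a separate origin, as step 1 recommends, additionally keeps any surviving active content (an SVG with script, for instance) out of the main site's cookie and session scope.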
