"Bad" file extensions that should be avoided on a file upload site?
Problem description
I'm re-writing a file hosting site, and I want to have the ability to host every single file type (instead of just having a whitelist of allowed extensions).
I'm running nginx and Linux. The site is built in PHP. I'd disable the upload of .php files... but other than that... is there anything else I should watch out for?
A cleaner way to solve the problem would be to set up a subhost (something like files.somewhere.com) or a directory, and disable execution via a .htaccess (users will be able to upload PHP scripts, but the server will send them instead of executing them).
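
.htaccess files are read by Apache, not nginx, so on the nginx setup in the question the same idea is expressed in the server configuration. The following is an added example, not part of the original answer; the paths /srv/www and /srv/uploads and the PHP-FPM socket path are assumptions.

```nginx
# Weak layout (for contrast): uploads live under the PHP site's own root,
# so any stored file whose URI matches the PHP location is executed.
server {
    listen 80;
    server_name somewhere.com;
    root /srv/www;                      # assumed path; uploads in /srv/www/uploads

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }
}

# Hardened layout: a separate host that only serves static bytes.
server {
    listen 80;
    server_name files.somewhere.com;
    root /srv/uploads;                  # assumed path, outside the PHP site's root

    # No fastcgi_pass anywhere in this server block, so nothing here reaches PHP-FPM.
    location / {
        types { }                                   # ignore extension-to-MIME mapping
        default_type application/octet-stream;      # every file is opaque bytes
        add_header Content-Disposition "attachment" always;
        add_header X-Content-Type-Options "nosniff" always;
        try_files $uri =404;                        # files only, no index fallback
    }
}
```

Serving uploads from their own hostname also keeps uploaded HTML or JavaScript out of the main site's origin, so a file opened in the browser cannot read the main site's cookies.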