File and image upload security considerations and best practices

Many web sites offer the ability to upload files. Whether it’s a simple JPG for an avatar, or a larger image for a photo gallery or perhaps an arbitrary file for a file cabinet type application there are several security considerations you need to take into account and some best practices for dealing with them. Here’s a partial list of some of the steps you should take if you are implementing this capability on your own site.

  • Don’t put the files within your normal web site directory structure.
  • Remove all path information from the uploaded file. In particular, never let the user specify which directory on the server the file is going to go in by, for example allowing relative paths to be specified.
  • Don’t use the original file name the user gave you, store it in your database if you need it, but use a generated file name for the file on disk, e.g. use a Guid as the file name. (You can add a content disposition header with the original file name for downloads but the path and file name on the server shouldn’t be something the user can influence).
  • Don’t trust image files - resize them and offer only the resized version for subsequent download. Some images can contain corrupted metadata that has in the past been able to attack vulnerabilities in some image manipulation software. Creating a clean, well-formed image file defends against this.
  • Don’t trust mime types or file extensions, examine the file headers or open the file and manipulate it to make sure it’s what it claims to be.
  • Limit the upload size and time.

Fri Jan 07 2011 17:57:31 GMT-0800 (Pacific Standard Time)

Disqus goes here