My application allows users to upload files. What precautions should I take?

File uploads are a risk if files are uploaded to a directory that has execute/script permissions. An adversary can then upload a malicious script or executable, and when that gets executed (by invoking it remotely, say), it can cause damage.

Here are two precautions to take:

- Store the files in a private space that's not accessible to a user directly from the web. For example, store the files in a database.

- If the files are stored in the file system, then do not give write or execute permissions in that folder.
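Both precautions for the file-system case, as an added example that is not from the original page. It assumes POSIX permissions; `store_upload`, `executable_files`, `demo` and the directory names are hypothetical.

```python
import os
import secrets
import stat
import tempfile
from pathlib import Path

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def store_upload(data: bytes, private_dir: Path, web_root: Path) -> Path:
    """Save upload bytes outside the web root as a read-only, non-executable file."""
    private_dir, web_root = private_dir.resolve(), web_root.resolve()
    # Precaution 1: refuse any storage directory the web server could serve.
    if private_dir == web_root or web_root in private_dir.parents:
        raise ValueError("upload directory is inside the web root")
    # Server-chosen name: the client's filename and extension never reach disk.
    target = private_dir / secrets.token_hex(16)
    # O_EXCL refuses to overwrite an existing file or follow a planted symlink.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
        # Precaution 2: drop write access and never grant execute.
        os.fchmod(fh.fileno(), 0o400)
    return target

def executable_files(directory: Path) -> list[str]:
    """Audit: names of regular files under directory with any execute bit set."""
    return sorted(
        p.name for p in directory.rglob("*")
        if stat.S_ISREG(p.lstat().st_mode) and p.lstat().st_mode & EXEC_BITS
    )

def demo() -> dict:
    """Run both checks against constructed directories in a temp folder."""
    with tempfile.TemporaryDirectory() as tmp:
        web_root, private = Path(tmp, "htdocs"), Path(tmp, "uploads")
        web_root.mkdir()
        private.mkdir(mode=0o700)
        stored = store_upload(b"constructed upload bytes", private, web_root)
        mode = stat.S_IMODE(stored.stat().st_mode)
        try:
            store_upload(b"x", web_root / "files", web_root)
            rejected = False
        except ValueError:
            rejected = True
        # Constructed misconfiguration: a file that slipped in with mode 0755.
        bad = private / "constructed_bad"
        bad.write_bytes(b"")
        bad.chmod(0o755)
        return {"mode": mode, "rejected": rejected, "flagged": executable_files(private)}
```

`executable_files` can be run periodically over the real upload directory; any name it returns is a file that should not be there with those permissions.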

