File upload vulnerabilities of this kind arise mainly because the application reads the path or file name supplied by the user and filters it incorrectly, so a malicious user can get a file written to an unexpected location, with all the risk that brings.
Let us start from what we actually control. We have to let users save files; those files come in many formats; the real content may not match the format the user claims; and some of that content will contain Trojan (webshell) code. So we do allow users to save files, but we give the site's own files and the user-saved files separate authorization, and we quarantine the uploads.
Method 1: Keep the upload storage directory independent, and set its permissions to read-only and non-executable
This step is authorization at the system-design level: whatever file you upload, it cannot be executed. Even if I do no checking at all, your file sits in this directory and cannot compromise my system. (If a user uploads pictures carrying reactionary or illegal text, that is a separate matter to be handled on its own.)
Method 2: Never use values sent by the client directly; everything must be checked
This is the same principle we apply to all input: the type and file name the client sends must be validated and never used as they are. For the directory the file is written to and the file name it is given, the best approach is to hardcode the directory yourself (never read a directory from the request) and generate the file name randomly, never from the user's file name. For the extension, take the characters after the rightmost ".", lowercase them, and accept the file only if that extension is on your allowlist.
The two methods above constrain the storage from two different sides.
Method 1: As long as the file is written to the right place, and the write and execute permissions of that directory are controlled in the configuration, the root cause is addressed. Whatever the file is, it has no authority to jump out of that directory and run.
Method 2: The stored file name is built by you, and the file is written to the directory you specify; nothing from the request becomes a path.
Used together, the two methods ensure that files land in the correct place and are then held by permissions. By the way, to decide whether a user's file is of an acceptable type, check the extension directly: if the extension is allowed, save it. Even when the content does not match the extension there is little harm, because the file cannot be executed. One caveat: this reasoning covers execution on the server; if the stored files are served back to browsers, serve them as static content with a fixed Content-Type so that mismatched content is not interpreted as something else.
Correct steps:
1. Read the filename, verify that the extension is in scope
2. You define the generated file name, directory, and extension from the filename extension. Other values, are configured themselves, do not read the contents of the store
3. Move files to a new directory (this directory permission is set to read only)
Okay, that is the general method. I hope it helps, and I welcome friends to discuss it; I also hope someone can offer a better way! Next, I will continue to write up my experience and views on some common approaches to designing secure functionality in web development.