保留上载文件的原始文件名时的注意事项
我正在尝试将上传的文件名从不可读的文件转换为文件的,易于理解的有组织结构.我想知道是否需要采取其他安全措施来保护此类系统.
I am trying to convert our uploaded filenames from an unreadable pile of files to an organized and human-readable structure of files. I am wondering if there are any additional security measures I need to take to safe this type of system.
为了简要概述,当前系统将上传文件,生成一个随机文件名,并仅允许通过下载脚本访问文件(我无需将文件直接提供给浏览器).
To give a brief overview, the current system uploads files, generates a random filename, and allows the files to be accessed only through a download script (I have no need to serve the files directly to the browser).
简而言之,我想实现一个WebDav系统,并认为最简单的解决方案是使用原始名称(分隔到不同的文件夹中)存储上载的文件.
In short, I'd like to implement a WebDav system and would think the easiest solution would be to store uploaded files with their original name (separated into different folders).
谢谢
为明确起见,我想保留尽可能多的文件名,但显然,我至少需要先清理文件名.我考虑过修改包含文件夹以防止执行(位于Web目录外部的文件夹). 我还没有考虑什么.
To clarify, I'd like to retain the filename as much as possible, but I'd obviously need to at least sanitize the filenames first. I've considered chmod-ing the containing folder to prevent execution (a folder located outside of the web directory). What, in addition, am I not considering.
简而言之,我想实现一个WebDav系统,并认为最简单的解决方案是使用原始名称存储上载的文件
In short, I'd like to implement a WebDav system and would think the easiest solution would be to store uploaded files with their original name
这是一个相当广泛的问题,但请简短回答:从不信任用户提供的数据.您必须始终进行服务器端验证和清理,否则您迟早会遭到黑客攻击.
This is pretty wide question but to make answer short: NEVER TRUST USER PROVIDED DATA. You must always do server side validation and sanitization, otherwise you will be hacked sooner or later.
原始文件名是由客户端发送的,因此可以是任何名称.以下是一些有关我想以原始"文件名发送给您的信息的想法,知道您是如此[
无忧无虑:../../../../etc/passwd或../../config/db.php.随手处理.享受:)
Original file name is sent by client, so it can be anything. Here's some ideas of what I'd try to send you as "original" file names knowing you are so
carefree: ../../../../etc/passwd or ../../config/db.php. Handle as-it-comes. Enjoy :)
编辑
我应该提到我考虑过的事情-清理文件名
I should have mentioned things I've considered -- sanitizing filenames
已消毒的文件名不再是original file name.但是,您可以在此处考虑实现目标并保持安全的方法.您可以验证/清除原始文件名,如果之后仍与来自用户的文件名相同,则可以保留文件并保留原始名称.如果不是,则应拒绝整个文件上传.一天结束时,您将只拥有可以通过其他API/接口以原始文件名访问的文件.
Sanitized file name is not an original file name any more. However there's approach you could consider here to meed your goal and still stay safe. You could validate/sanitize original file names and if after that it still the same as it came from user, you can keep the file and retain the original name. If it is not, then you should reject the file upload as whole. At the end fo the day you will have only files that you can allow to be accessed with original file names via other API/interfaces.
编辑
我已经考虑过修改包含文件夹以防止执行
I've considered chmod-ing the containing folder to prevent execution
这是不好的安全性.您应该将文件保留在不能直接访问的文件夹中.
This is bad security. You should rather keep files in the folder that is not accessible directly instead.