如何保护用于让用户上传文件的文件夹?

时间:2021-05-25 07:08:49

I have a folder in my web server used for the users to upload photos using an ASP page.

我的网络服务器中有一个文件夹,用户可以使用ASP页面上传照片。

Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder.

是否足够安全地赋予文件夹IUSR写权限?我必须保护其他东西吗?我害怕黑客绕过ASP页面并将内容直接上传到该文件夹​​。

I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP.

我在Windows 2003 Server上使用ASP classic和IIS6。上传是通过HTTP而不是FTP。

Edit: Changing the question for clarity and changing my answers as comments.

编辑:更改问题以获得清晰度并将我的答案更改为评论。

4 个解决方案

#1


3  

also, I would recommend not to let the users upload into a folder that's accessible from the web. Even the best MIME type detection may fail and you absolutely don't want users to upload, say, an executable disguised as a jpeg in a case where your MIME sniffing fails, but the one in IIS works correctly.

此外,我建议不要让用户上传到可从网络访问的文件夹。即使最好的MIME类型检测可能会失败,并且您绝对不希望用户上传,例如,在MIME嗅探失败的情况下伪装成jpeg的可执行文件,但IIS中的那个可以正常工作。

In the PHP world it's even worse, because an attacker could upload a malicious PHP script and later access it via the webserver.

在PHP世界中,情况更糟,因为攻击者可以上传恶意PHP脚本,然后通过网络服务器访问它。

Always, always store the uploaded files in a directory somewhere outside the document root and access them via some accessing-script which does additional sanitizing (and at least explicitly sets a image/whatever MIME type.

始终,始终将上载的文件存储在文档根目录之外的某个目录中,并通过一些访问脚本访问它们,该脚本执行额外的清理(并且至少显式设置图像/任何MIME类型。

#2


1  

How will the user upload the photos? If you are writing an ASP page to accept the uploaded files then only the user that IIS runs as will need write permission to the folder, since IIS will be doing the file I/O. Your ASP page should check the file size and have some form of authentication to prevent hackers from filling your hard drive.

用户将如何上传照片?如果您正在编写ASP页面以接受上载的文件,则只有IIS运行的用户才需要对该文件夹具有写入权限,因为IIS将执行文件I / O.您的ASP页面应检查文件大小并具有某种形式的身份验证,以防止黑客填满您的硬盘驱动器。

If you are setting up an FTP server or some other file transfer method, then the answer will be specific to the method you choose.

如果您要设置FTP服务器或其他文件传输方法,则答案将特定于您选择的方法。

#3


0  

You'll have to grant write permissions, but you can check the file's mime type to ensure an image. You can use FSO as so:

您必须授予写入权限,但您可以检查文件的mime类型以确保图像。你可以这样使用FSO:

set fs=Server.CreateObject("Scripting.FileSystemObject")
set f=fs.GetFile("upload.jpg")
'image mime types or image/jpeg or image/gif, so just check to see if "image" is instr
if instr(f.type, "image") = 0 then
   f.delete
end if
set f=nothing
set fs=nothing

Also, most upload COM objects have a type property that you could check against before writing the file.

此外,大多数上载COM对象都具有您可以在写入文件之前检查的类型属性。

#4


0  

Your best bang for the buck would probably be to use an upload component (I've used ASPUpload) that allows you to upload/download files from a folder that isn't accessible from the website.

最好的帮助可能是使用上传组件(我使用ASPUpload),允许您从无法从网站访问的文件夹上传/下载文件。

You'll get some authentication hooks and won't have to worry about someone casually browsing the folder and downloading the files (or uploading in your case), since the files are only available through the component.

您将获得一些身份验证挂钩,并且不必担心有人随意浏览文件夹并下载文件(或在您的情况下上传),因为这些文件只能通过组件获得。

#1


3  

also, I would recommend not to let the users upload into a folder that's accessible from the web. Even the best MIME type detection may fail and you absolutely don't want users to upload, say, an executable disguised as a jpeg in a case where your MIME sniffing fails, but the one in IIS works correctly.

此外,我建议不要让用户上传到可从网络访问的文件夹。即使最好的MIME类型检测可能会失败,并且您绝对不希望用户上传,例如,在MIME嗅探失败的情况下伪装成jpeg的可执行文件,但IIS中的那个可以正常工作。

In the PHP world it's even worse, because an attacker could upload a malicious PHP script and later access it via the webserver.

在PHP世界中,情况更糟,因为攻击者可以上传恶意PHP脚本,然后通过网络服务器访问它。

Always, always store the uploaded files in a directory somewhere outside the document root and access them via some accessing-script which does additional sanitizing (and at least explicitly sets a image/whatever MIME type.

始终,始终将上载的文件存储在文档根目录之外的某个目录中,并通过一些访问脚本访问它们,该脚本执行额外的清理(并且至少显式设置图像/任何MIME类型。

#2


1  

How will the user upload the photos? If you are writing an ASP page to accept the uploaded files then only the user that IIS runs as will need write permission to the folder, since IIS will be doing the file I/O. Your ASP page should check the file size and have some form of authentication to prevent hackers from filling your hard drive.

用户将如何上传照片?如果您正在编写ASP页面以接受上载的文件,则只有IIS运行的用户才需要对该文件夹具有写入权限,因为IIS将执行文件I / O.您的ASP页面应检查文件大小并具有某种形式的身份验证,以防止黑客填满您的硬盘驱动器。

If you are setting up an FTP server or some other file transfer method, then the answer will be specific to the method you choose.

如果您要设置FTP服务器或其他文件传输方法,则答案将特定于您选择的方法。

#3


0  

You'll have to grant write permissions, but you can check the file's mime type to ensure an image. You can use FSO as so:

您必须授予写入权限,但您可以检查文件的mime类型以确保图像。你可以这样使用FSO:

set fs=Server.CreateObject("Scripting.FileSystemObject")
set f=fs.GetFile("upload.jpg")
'image mime types or image/jpeg or image/gif, so just check to see if "image" is instr
if instr(f.type, "image") = 0 then
   f.delete
end if
set f=nothing
set fs=nothing

Also, most upload COM objects have a type property that you could check against before writing the file.

此外,大多数上载COM对象都具有您可以在写入文件之前检查的类型属性。

#4


0  

Your best bang for the buck would probably be to use an upload component (I've used ASPUpload) that allows you to upload/download files from a folder that isn't accessible from the website.

最好的帮助可能是使用上传组件(我使用ASPUpload),允许您从无法从网站访问的文件夹上传/下载文件。

You'll get some authentication hooks and won't have to worry about someone casually browsing the folder and downloading the files (or uploading in your case), since the files are only available through the component.

您将获得一些身份验证挂钩,并且不必担心有人随意浏览文件夹并下载文件(或在您的情况下上传),因为这些文件只能通过组件获得。