
Re: Security issues when allowing file upload via CGI

by atcroft (Abbot)
on Dec 06, 2001 at 22:57 UTC (#130024)

in reply to Security issues when allowing file upload via CGI

The only major issues I see with it are: (a) making sure that quotas on the system are maintained, (b) permissions issues, and (c) potentials for liability for downloaded content. I am assuming there would also be a need for an authentication system to permit only users on the system to upload.

Quotas: You need to test that the files uploaded fall under the user's quota. I saw a system once where datafiles created by a CGI were owned by the user the webserver ran as, which resulted in them not appearing properly in the user's quota. You also will want to make sure that the user (and group, on systems with that feature) they show up in are correct, and have quotas in place, to prevent someone from filling the site or group's quota, or in the worst case, the partition or drive itself.

Permissions issues: On a *nix system, 644 would likely be the better permission to use. (For reference, the first place in the number is the permissions for the owner, the next for the group, the last for others on the system, and the value is the sum of the permissions, where 4 is read permission, 2 is write permission, and 1 is execute permission.) On other systems, permissions should be set so the uploaded data is not executable on the server. IF you are allowing users to upload CGI scripts, then that will be a special case, needing EXTREME care.

Download issues: Others above in this thread have made cases regarding when others download the content, so I will not poorly repeat their comments. The issue is, though, that any website can wittingly or unwittingly contain harmful content (which partially depends on your definition of "harmful"), and all you can reasonably be expected to do is try to make it more difficult for someone to post something intentionally.

In my own experience (which may or may not prove applicable to you), I had to set up a system for submitting files to a site that would notify the site owner of the submission. My solution was to have the uploads go to a directory that was readily visible from the site, rename the file and set it non-executable, owned by the site owner's user/group, and send the site owner a link to the file, along with the name the submitter suggested. Beyond that, as a coder, I could only advise the site owner to use caution in dealing with the files.

Something else you may wish to look into, which I have heard of but never tried, is loading the content into, and pulling it from, a database. Of course, this is only if that would be appropriate for said content, and as always, YMMV.
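The handling atcroft describes (server-chosen filename, mode 644 so the file is never executable, a size cap standing in for the quota check, optional chown to the site owner) as an added example in Python rather than Perl; this is not code from the post. It assumes the caller already has the upload as a byte stream from whatever CGI parser is in use, and that `upload_dir` sits outside the document root.

```python
import io, os, secrets, shutil, stat, tempfile

CHUNK = 64 * 1024
FILE_MODE = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH  # 0644


def store_upload(src, suggested_name, upload_dir, max_bytes, owner=None, group=None):
    """Copy an uploaded byte stream into upload_dir under a server-chosen name.
    Returns (stored_path, display_name); raises ValueError and leaves no file
    behind if more than max_bytes arrive (stand-in for a per-user quota check)."""
    # The client's filename is kept only for display and is never used on disk.
    base = os.path.basename(suggested_name.replace("\\", "/")) or "upload"
    display_name = "".join(c if c.isalnum() or c in "._-" else "_" for c in base)[:64]

    path = os.path.join(upload_dir, secrets.token_hex(16) + ".dat")
    # O_EXCL refuses to clobber an existing file; 0644 keeps it non-executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, FILE_MODE)
    written = 0
    try:
        with os.fdopen(fd, "wb") as out:
            while chunk := src.read(CHUNK):
                written += len(chunk)
                if written > max_bytes:
                    raise ValueError("upload exceeds %d bytes" % max_bytes)
                out.write(chunk)
        os.chmod(path, FILE_MODE)  # re-assert the mode regardless of the process umask
        if owner or group:  # site owner's user/group; needs privilege, so left to deployment
            shutil.chown(path, user=owner, group=group)
    except Exception:
        os.unlink(path)
        raise
    return path, display_name


def self_check():
    """Exercise store_upload on constructed input in a scratch directory."""
    scratch = tempfile.mkdtemp()
    path, shown = store_upload(io.BytesIO(b"hello world"), "../../evil name.exe", scratch, 1024)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    try:
        store_upload(io.BytesIO(b"x" * 2000), "big.bin", scratch, 1024)  # over the cap
        rejected = False
    except ValueError:
        rejected = True
    leftovers = os.listdir(scratch)  # the rejected upload must not remain on disk
    shutil.rmtree(scratch)
    return path.endswith(".dat"), shown, mode, rejected, leftovers == [os.path.basename(path)]
```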
