I have read a bunch of the discussion on uploading files via a form in FW and it appears to be a dicey proposition.
I am looking for info as to the security level of using Forms To Go to upload files. Their website has a page about their security features, but they mostly mention spam. I am more concerned about any real nasty issues that could crop up.
Any real world feedback or suggestions are appreciated. I absolutely require file uploads for the site, so I do need a practical solution.
There’s a lot of levels of things to worry about with a file upload
script. I don’t allow them outside of a secured (or at least
validated) environment because they are one of the easiest vectors
for taking down a server. And then, you have to really know what
you’re doing and have the kind of authority over your server that
most people don’t have when they rent server space from someone else.
At a minimum, you should:
Check file-type extensions on the uploaded file. Check, but don’t trust.
Check the “magic” bits of the file to see if it matches the known signature of a safe file.
Set permissions on the file such that it cannot be executed.
Upload to a location that can’t be reached by the public.
Know (and log) who is uploading the file.
Put the file in a sandbox or require some sort of moderation by a human.
There’s more, but those will get you started. It would be child’s
play to make an Action to create a file upload, and I have several
different upload handler scripts here to choose from, but it would be
derelict of me to release something like that into the wild.
Walter
On Aug 6, 2008, at 6:54 PM, DeltaDave wrote:
I use a file uploader cgi script but the access page is in a
password protected folder.
I’ve used FTG to build file upload forms, and had very good luck with
that. Any form is a target for attacks, so I don’t think it’s just
file upload forms. FTG has some security features like restricting
access to the form handler to the form page itself.
One of the tricks I learned from Walter was to place uploaded files in
an area of the server that is not web accessible. Over the years I’ve
seen all kinds of nasty script files uploaded to that folder, but they
never get farther than that. The only time I ever had a site hacked
was using the forms from a semi-popular third-party content management
system. That was, of course, re-written to block that type of attack.
On Wed, Aug 6, 2008 at 3:00 PM, george wrote:
I have read a bunch of the discussion on uploading files via a form in FW and it appears to be a dicey proposition.
I am looking for info as to the security level of using Forms To Go to upload files. Their website has a page about their security features, but they mostly mention spam. I am more concerned about any real nasty issues that could crop up.
Any real world feedback or suggestions are appreciated. I absolutely require file uploads for the site, so I do need a practical solution.
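An added example, not code from any poster in this thread or from Forms To Go: a minimal Python upload handler that applies the checklist given earlier in the thread (extension, magic bytes, non-executable permissions, storage outside the web root, logging the uploader, holding the file for human moderation). The function name, the allow-list and the directory arguments are assumptions made for the illustration.

```python
import logging
import os
import secrets
from pathlib import Path

log = logging.getLogger("uploads")

# Assumed allow-list for this example: extension -> leading "magic" bytes.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
}

def store_upload(client_name, data, user, quarantine_dir, web_root):
    """Validate one upload and write it to quarantine; raise ValueError if refused."""
    quarantine = Path(quarantine_dir).resolve()
    root = Path(web_root).resolve()
    # Storage must not be reachable by the public: refuse a directory under the web root.
    if quarantine == root or root in quarantine.parents:
        raise ValueError("quarantine directory is inside the web root")
    ext = Path(client_name).suffix.lower()
    reason = None
    if ext not in ALLOWED:
        reason = "extension not allowed"
    elif not data.startswith(ALLOWED[ext]):
        reason = "content does not match extension"
    if reason:
        log.warning("upload refused user=%s name=%r reason=%s", user, client_name, reason)
        raise ValueError(reason)
    # Server-chosen name: the client's file name is logged but never used on disk.
    dest = quarantine / (secrets.token_hex(16) + ext)
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(dest, 0o600)  # owner read/write only, no execute bit
    log.info("upload stored user=%s name=%r as=%s bytes=%d",
             user, client_name, dest.name, len(data))
    return dest  # stays in quarantine until a human moderator releases it
```

A matching signature only shows how the file starts, not that the rest of it is harmless, which is why the non-executable mode and the location outside the web root still matter after the content check passes.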