Allowing a visitor to upload files to a site may be required for many reasons: for example, to provide users with the ability to add profile pictures, or allow site owners to upload new images without touching HTML or CSS. FTP can be used by web developers to upload files, but it is insecure, and most visitors need a much more user-friendly method.
File uploads present a major potential attack vector for misuse of a site. There are essentially three central security concerns:
- Making sure that the user is uploading the right kind of file (we may want to accept JPEG, GIF or PNG images, for example, but not Word documents, .tif or .avi files).
- Determining that the user is uploading the right size of file, both in terms of the number of bytes and (in the case of images) resolution and/or aspect ratio.
- Determining that the file has an acceptable file name, and is saved in the correct location on the server.
We need to be as careful as possible in this process: allowing users to upload files to your server is essentially equivalent to leaving the door to your home open.
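The three concerns above map directly onto three server-side checks. The following Python validator is an added example written for this page, not code from the original tutorial (which has not yet shown any server-side code). It identifies the file by its leading bytes rather than by the name or type the browser sent, reads the image dimensions straight from the PNG, GIF or JPEG header (no image library and no pixel decoding, so it is a first gate rather than a full decoder), and then builds a sanitized file name and a destination path that cannot escape the upload directory. The size limits, the `uploads` directory name and the sample byte strings are assumptions constructed for the example; only the server-side result should be trusted, since anything checked in the browser can be bypassed.

```python
import os
import re
import struct
from dataclasses import dataclass

# Policy limits (assumed values for this example; tune per site).
MAX_BYTES = 2 * 1024 * 1024          # 2 MiB on disk
MAX_DIMENSION = 4096                 # pixels, either axis
MAX_ASPECT_RATIO = 4.0               # longest side / shortest side
ALLOWED = {"image/png": ".png", "image/gif": ".gif", "image/jpeg": ".jpg"}


@dataclass
class Accepted:
    mime: str
    width: int
    height: int
    filename: str   # safe name to store under; never the user's own name


def sniff_type(data: bytes):
    """Identify the file by its leading bytes, ignoring the name the browser sent."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    return None


def image_size(data: bytes, mime: str):
    """Read (width, height) from the header without a full decode; None if malformed."""
    if mime == "image/png":
        # signature (8) + IHDR length (4) + "IHDR" (4) + width (4) + height (4)
        if len(data) < 24 or data[12:16] != b"IHDR":
            return None
        return struct.unpack(">II", data[16:24])
    if mime == "image/gif":
        if len(data) < 10:
            return None
        return struct.unpack("<HH", data[6:10])   # logical screen size, little-endian
    if mime == "image/jpeg":
        # Walk the marker segments until a Start-Of-Frame (SOFn) marker is found.
        sof_markers = {0xC0, 0xC1, 0xC2, 0xC3, 0xC5, 0xC6, 0xC7,
                       0xC9, 0xCA, 0xCB, 0xCD, 0xCE, 0xCF}
        i = 2                                    # skip the SOI marker
        while i + 4 <= len(data):
            if data[i] != 0xFF:
                return None
            marker = data[i + 1]
            if marker == 0xFF:                   # fill byte
                i += 1
                continue
            if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:  # no payload
                i += 2
                continue
            seg_len = struct.unpack(">H", data[i + 2:i + 4])[0]
            if marker in sof_markers:
                if i + 9 > len(data):
                    return None
                height, width = struct.unpack(">HH", data[i + 5:i + 9])
                return (width, height)
            i += 2 + seg_len
        return None
    return None


def safe_filename(original: str, mime: str) -> str:
    """Keep only a sanitized stem and force the extension to match the sniffed type."""
    stem = os.path.basename(original.replace("\\", "/"))   # drop any directory part
    stem = os.path.splitext(stem)[0]
    stem = re.sub(r"[^A-Za-z0-9_-]+", "_", stem).strip("_")[:64] or "upload"
    return stem + ALLOWED[mime]


def destination(upload_dir: str, filename: str) -> str:
    """Resolve the final path and refuse anything that lands outside upload_dir."""
    base = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(base, filename))
    if os.path.dirname(dest) != base:
        raise ValueError("destination escapes the upload directory")
    return dest


def validate_upload(original_name: str, data: bytes) -> Accepted:
    """Apply the three checks (type, size/dimensions, name); raises ValueError on failure."""
    if not data:
        raise ValueError("empty upload")
    if len(data) > MAX_BYTES:
        raise ValueError("file exceeds %d bytes" % MAX_BYTES)
    mime = sniff_type(data)
    if mime not in ALLOWED:
        raise ValueError("file content is not an allowed image type")
    dims = image_size(data, mime)
    if dims is None:
        raise ValueError("image header is malformed")
    width, height = dims
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        raise ValueError("image dimensions out of range")
    if max(width, height) / min(width, height) > MAX_ASPECT_RATIO:
        raise ValueError("image aspect ratio out of range")
    return Accepted(mime, width, height, safe_filename(original_name, mime))


# Constructed sample inputs (headers only; enough to exercise the checks above).
PNG_640x480 = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR"
               + struct.pack(">II", 640, 480) + b"\x08\x06\x00\x00\x00" + b"\x00" * 4)
GIF_16x16 = b"GIF89a" + struct.pack("<HH", 16, 16) + b"\x00\x00\x00"
JPEG_200x100 = (b"\xff\xd8"
                + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0
                + b"\xff\xc0\x00\x11\x08" + struct.pack(">HH", 100, 200)          # SOF0
                + b"\x03\x01\x22\x00\x02\x11\x01\x03\x11\x01")
FAKE_EXE_AS_JPG = b"MZ\x90\x00" + b"\x00" * 60   # an executable renamed to .jpg

if __name__ == "__main__":
    for name, blob in [("avatar.png", PNG_640x480), ("../../../etc/x.gif", GIF_16x16),
                       ("photo.jpg", JPEG_200x100), ("cute cat.jpg", FAKE_EXE_AS_JPG)]:
        try:
            ok = validate_upload(name, blob)
            print(name, "->", ok, destination("uploads", ok.filename))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

The order of the checks matters: the byte-count limit runs before anything parses the content, so an oversized upload is rejected without the server doing any work on it, and the extension is taken from the sniffed type, so a file whose content is a PNG is stored as `.png` whatever the browser called it.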
It is important to note that file uploads from a web page consist of two sides that we must code: the client-side interface (what the user sees and interacts with) and the server-side process of transferring the file. (If this sounds unfamiliar, you will probably want to read up on the concept of client-side vs. server-side processing.) Appropriate security should be on both sides of this process.
We’ll start with the HTML side of file uploads.