Chapter 9. Using the File System

Most Web applications deal with files — accessing files on your server, generating files "on the fly," serving files from another server on your network, and allowing users to upload files. Each of these functions can introduce vulnerabilities into your application.

In this chapter, you will learn about the following:

  • How to access existing files safely

  • How to configure your server for secure file access

  • How to properly generate files

  • How to access remote files

  • How to handle user uploads

ACCESSING EXISTING FILES SAFELY

There are many reasons why a Web site may serve actual files in addition to Web pages. Sometimes, simply offering the user a direct download link is insufficient. Some Web sites may want to restrict certain content, or track downloads of software, music, images, or documents. To serve these files in a manner that enables access control or tracking, they must be served via code rather than through a direct download URI.
