Chapter 9. Using the File System

Most Web applications deal with files — accessing files on your server, generating files "on the fly," serving files from another server on your network, and allowing users to upload files. Each of these functions can introduce vulnerabilities into your application.

In this chapter, you will learn about the following:

  • How to access existing files safely

  • How to configure your server for secure file access

  • How to properly generate files

  • How to access remote files

  • How to handle user uploads


There are many reasons why a Web site may serve actual files in addition to Web pages. Sometimes, simply offering the user a direct download link is insufficient. Some Web sites may want to restrict certain content, or track downloads of software, music, images, or documents. To serve these files in a manner that enables access control or tracking, they must be served via code rather than through a direct download URI.
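The following C# sketch is an added example, not code from the book. It shows what serving a file via code makes possible: each request is resolved against a base directory, checked against an access list, and counted. The class `DownloadGate`, its per-file user list, and the sample file and user names are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Hypothetical gate placed in front of a download directory (all names are illustrative).
public sealed class DownloadGate
{
    private readonly string root;                              // canonical base directory, ends with a separator
    private readonly Dictionary<string, HashSet<string>> acl;  // relative file name -> users allowed to fetch it
    private readonly Dictionary<string, int> downloads = new Dictionary<string, int>(); // not thread-safe

    public DownloadGate(string baseDirectory, Dictionary<string, HashSet<string>> acl)
    {
        root = Path.GetFullPath(baseDirectory).TrimEnd(Path.DirectorySeparatorChar)
               + Path.DirectorySeparatorChar;
        this.acl = acl;
    }

    // Returns a read-only stream, or null when the request is refused.
    public Stream Open(string user, string requestedName)
    {
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(requestedName)) return null;
        string full;
        try { full = Path.GetFullPath(Path.Combine(root, requestedName)); }
        catch (Exception) { return null; }  // unresolvable path: refuse
        // After canonicalization the path must still sit under the base directory.
        // Ordinal comparison fails closed on case differences.
        if (!full.StartsWith(root, StringComparison.Ordinal)) return null;

        string key = full.Substring(root.Length);
        HashSet<string> allowed;
        if (!acl.TryGetValue(key, out allowed) || !allowed.Contains(user)) return null;
        if (!File.Exists(full)) return null;

        int n; downloads.TryGetValue(key, out n); downloads[key] = n + 1;  // tracking
        return new FileStream(full, FileMode.Open, FileAccess.Read, FileShare.Read);
    }

    public int DownloadCount(string name) { int n; downloads.TryGetValue(name, out n); return n; }

    public static void Main()
    {
        string dir = Path.Combine(Path.GetTempPath(), "gate-demo");  // constructed sample data
        Directory.CreateDirectory(dir);
        File.WriteAllText(Path.Combine(dir, "report.pdf"), "constructed sample");
        var acl = new Dictionary<string, HashSet<string>> { { "report.pdf", new HashSet<string> { "alice" } } };
        var gate = new DownloadGate(dir, acl);
        using (Stream s = gate.Open("alice", "report.pdf")) Console.WriteLine("alice served: " + (s != null));
        Console.WriteLine("bob refused: " + (gate.Open("bob", "report.pdf") == null));
        Console.WriteLine("escape refused: " + (gate.Open("alice", Path.Combine("..", "other.txt")) == null));
        Console.WriteLine("report.pdf downloads: " + gate.DownloadCount("report.pdf"));
    }
}
```

In a Web application the returned stream would be copied to the response by a handler or controller, and the counter would be written to a durable log instead of an in-memory dictionary.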
