17
Secure File Uploading
Basic Principles of Secure File Uploading
Allowing untrusted file uploads from anonymous users is one of the riskiest things
an application can do; however, it is also one of the most expected features of an
application. One of the most common tasks users engage in is the uploading,
downloading, and sharing of files. Here, security is at odds with user needs. To address this
problem, there are several well-established guidelines for handling user-uploaded files
that can, if followed, keep the application and web server safe from malicious attack.
The critical thing to remember is that none of these procedures can make an
uploaded file safe. There is no simple way, and no single method, no matter how many
check