I'm creating a very simple Django upload application but I want to make it as secure as possible. This app is going to be completely one way, i.e. anybody who uploads a file will never have to retrieve it. So far I've done the following:
- Disallow certain file extensions (.php, .html, .py, .rb, .pl, .cgi, .htaccess, etc)
- Set a maximum file size limit and file name character length limit.
- Password protected the directory that the files are uploaded to (with .htaccess owned by root so the web server cannot possibly overwrite it)
Assuming that Apache and mod_python are on the front end of this and that Apache itself has been secured, are there any other "best practice" things I should do or consider to protect my application?
Thanks in advance.
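As an added example (it is not part of the question or of any answer, and not Django's own code), the following framework-agnostic Python validation layer shows the checks a write-only upload endpoint would typically combine: an extension allowlist instead of the extension denylist in the question, a size limit, a sanitized copy of the client's file name kept only for metadata, a leading-bytes check against the claimed type, a random server-chosen storage name so double extensions and name collisions cannot matter, and a save into a directory outside the web root that refuses to overwrite and never marks the file executable. The allowed extensions, size limit, name length and magic-byte table are assumed values, and `validate_upload` / `save_upload` are hypothetical names; in a Django form they would be called from `clean_<field>()` with the `UploadedFile`'s `.name`, `.size` and `.read()`.

```python
import os
import re
import secrets

# Constructed policy values for the example; a real deployment sets its own.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".jpeg", ".txt"}
MAX_FILE_SIZE = 5 * 1024 * 1024   # bytes
MAX_NAME_LENGTH = 100             # characters in the sanitized original name

# Leading bytes expected for each type (constructed table, not exhaustive).
# Types without an entry (here .txt) are accepted on extension alone.
MAGIC_PREFIXES = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


class UploadRejected(ValueError):
    """Raised for any upload that fails policy; the message is safe to show the user."""


def sanitize_filename(name):
    """Reduce a client-supplied name to a harmless basename for logs or metadata.

    The stored file never uses this name (see validate_upload), so it only has
    to be safe, not unique.
    """
    # Strip any path the client sent, whether with / or \ separators.
    base = os.path.basename(name.replace("\\", "/"))
    # Keep a conservative character set; everything else (spaces, NULs,
    # non-ASCII, shell metacharacters) becomes an underscore.
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    # No hidden files (".htaccess") and no leading or trailing dots.
    base = base.strip("._")
    if not base:
        raise UploadRejected("file name is empty after sanitising")
    if len(base) > MAX_NAME_LENGTH:
        raise UploadRejected("file name is too long")
    return base


def validate_upload(name, data):
    """Apply the policy and return (stored_name, sanitized_original_name).

    stored_name is random and chosen by the server, so a double extension such
    as shell.php.pdf, or a name matching an existing file, cannot influence
    where or how the bytes are saved.
    """
    original = sanitize_filename(name)
    if len(data) == 0:
        raise UploadRejected("file is empty")
    if len(data) > MAX_FILE_SIZE:
        raise UploadRejected("file exceeds %d bytes" % MAX_FILE_SIZE)
    ext = os.path.splitext(original)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("file type %r is not accepted" % ext)
    prefixes = MAGIC_PREFIXES.get(ext)
    if prefixes and not any(data.startswith(p) for p in prefixes):
        raise UploadRejected("file content does not match its extension")
    stored = secrets.token_hex(16) + ext
    return stored, original


def save_upload(upload_root, stored_name, data):
    """Write the bytes into upload_root, a directory outside the web root.

    O_EXCL refuses to overwrite an existing file, and mode 0o600 keeps the
    file readable only by the web server's user and never executable.
    """
    path = os.path.join(upload_root, stored_name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```

The point of the random storage name is that the `.htaccess` in the question then becomes a second line of defence rather than the only one: nothing the client sends decides the path, the extension is always one from the allowlist, and with the directory outside `DocumentRoot` Apache has no handler mapping to apply to it at all. The magic check is deliberately narrow; it catches an extension mismatch, not a malicious file of the right type, so anything that later opens these files should still be treated as handling untrusted input.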