views:

1221

answers:

1

I'm creating a very simple django upload application but I want to make it as secure as possible. This app is going to be completely one way, IE. anybody who uploads a file will never have to retrieve it. So far I've done the following:

  1. Disallow certain file extensions (.php, .html, .py, .rb, .pl, .cgi, .htaccess, etc)
  2. Set a maximum file size limit and file name character length limit.
  3. Password protected the directory that the files are uploaded to (with .htaccess owned by root so the web server cannot possibly overwrite it)

Assuming that apache and mod_python are on the front end of this and that apache itself has been secured, are there any other "best practice" things I should do or consider to protect my application?

Thanks in advance.

+2  A: 

Disallowing a file extension is -- potentially -- a waste of time. A unix server doesn't use the extension -- it uses ownership and permissions.

When accepting an upload, you will often rename the file to prevent it being misused. Uploaded files should be simply named "upload_xxx" with the "xxx" being a key to some database record that provides the claimed name and data type.

You have to actually read the file and confirm that the content of the file is what someone claims it is.

For example, if they claim to upload a .JPG, you have to actually read the file to be sure it's a JPEG, not an .EXE.

S.Lott
OT, but S. Lott, will you be at the Boston Dev Days? I would be interested in hearing your thoughts and musings on Python and Django.
Thomas Owens
Thanks for the information, that's a good point about verifying file type. The reasoning behind disallowing the extensions isn't necessarily to disallow that file type specifically, but to make sure that if the user were to somehow get access to that file via apache, that apache itself wouldn't try to execute that file. IE. if they upload a .php script and then browse to http://example.com/upload/files/user_uploaded_script.php, apache would run that .php script as if it were a normal php page.
seiryu
Great ideas, thank you very much!
seiryu
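One way to implement the rename-and-verify approach from the answer above (opaque on-disk name, claimed name and type kept as metadata, content checked against the claim), as an added Python example that is not code from the question or the answer. The SIGNATURES table, the size and name limits, and the function names are assumptions; the magic bytes are the standard JPEG, PNG and GIF headers.

```python
import os
import secrets

# Leading bytes of the content types this endpoint accepts (assumed set).
SIGNATURES = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024   # assumed size limit
MAX_NAME_LEN = 100            # assumed limit on the *claimed* name


def sniff_content_type(data: bytes):
    """Return the content type implied by the file's first bytes, or None."""
    for ctype, sigs in SIGNATURES.items():
        if any(data.startswith(s) for s in sigs):
            return ctype
    return None


def validate_upload(data: bytes, claimed_name: str, claimed_type: str) -> dict:
    """Check size, sanitise the claimed name and require the content to match
    the claimed type. Returns the metadata a DB row would hold; raises
    ValueError on rejection. Pure: nothing is written to disk here."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    # The claimed name is untrusted metadata only: drop any path component.
    claimed_name = os.path.basename(claimed_name.replace("\\", "/"))[:MAX_NAME_LEN]
    if claimed_name in ("", ".", ".."):
        raise ValueError("invalid file name")
    detected = sniff_content_type(data)
    if detected is None or detected != claimed_type:
        raise ValueError(f"content does not match claimed type {claimed_type!r}")
    return {"claimed_name": claimed_name, "claimed_type": claimed_type,
            "detected_type": detected, "size": len(data)}


def store_upload(data: bytes, claimed_name: str, claimed_type: str, upload_dir: str) -> dict:
    """Validate, then write under 'upload_<key>' with no extension so the web
    server has nothing to interpret; the key links the file to its DB record."""
    record = validate_upload(data, claimed_name, claimed_type)
    key = secrets.token_hex(16)
    path = os.path.join(upload_dir, f"upload_{key}")
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # data file: not executable, app user only
    record.update(key=key, path=path)
    return record
```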