如何保护用于让用户上传文件的文件夹的安全?
我的 Web 服务器中有一个文件夹,供用户使用 ASP 页面上传照片。
授予 IUSR 对该文件夹的写入权限是否足够安全? 我必须确保其他东西吗? 我担心黑客会绕过 ASP 页面,直接将内容上传到文件夹中。
我在 Windows 2003 Server 上使用 ASP classic 和 IIS6。 上传是通过HTTP,而不是FTP。
编辑:为了清楚起见更改问题并将我的答案更改为评论。
I have a folder in my web server used for the users to upload photos using an ASP page.
Is it safe enough to give IUSR write permissions to the folder? Must I secure something else?
I am afraid of hackers bypassing the ASP page and uploading content directly to the folder.
I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP.
Edit: Changing the question for clarity and changing my answers as comments.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您必须授予写入权限,但您可以检查文件的 mime 类型以确保图像。 您可以这样使用 FSO:
此外,大多数上传 COM 对象都有一个类型属性,您可以在写入文件之前检查该属性。
You'll have to grant write permissions, but you can check the file's mime type to ensure an image. You can use FSO as so:
Also, most upload COM objects have a type property that you could check against before writing the file.
用户将如何上传照片? 如果您正在编写一个 ASP 页面来接受上传的文件,那么只有 IIS 运行的用户才需要对该文件夹的写入权限,因为 IIS 将执行文件 I/O。 您的 ASP 页面应该检查文件大小并具有某种形式的身份验证,以防止黑客填充您的硬盘驱动器。
如果您正在设置 FTP 服务器或其他文件传输方法,那么答案将特定于您选择的方法。
How will the user upload the photos? If you are writing an ASP page to accept the uploaded files then only the user that IIS runs as will need write permission to the folder, since IIS will be doing the file I/O. Your ASP page should check the file size and have some form of authentication to prevent hackers from filling your hard drive.
If you are setting up an FTP server or some other file transfer method, then the answer will be specific to the method you choose.
最划算的方法可能是使用上传组件(我使用过 ASPUpload),它允许您从无法从网站访问的文件夹上传/下载文件。
您将获得一些身份验证挂钩,并且不必担心有人随意浏览文件夹并下载文件(或在您的情况下上传),因为这些文件只能通过组件获得。
Your best bang for the buck would probably be to use an upload component (I've used ASPUpload) that allows you to upload/download files from a folder that isn't accessible from the website.
You'll get some authentication hooks and won't have to worry about someone casually browsing the folder and downloading the files (or uploading in your case), since the files are only available through the component.
另外,我建议不要让用户上传到可从网络访问的文件夹中。 即使是最好的 MIME 类型检测也可能会失败,并且您绝对不希望用户在 MIME 嗅探失败但 IIS 中正常工作的情况下上传伪装成 jpeg 的可执行文件。
在 PHP 世界中情况更糟,因为攻击者可以上传恶意 PHP 脚本,然后通过网络服务器访问它。
始终将上传的文件存储在文档根目录之外的某个目录中,并通过某些访问脚本访问它们,该脚本会进行额外的清理(并且至少显式设置图像/任何 MIME 类型)。
also, I would recommend not to let the users upload into a folder that's accessible from the web. Even the best MIME type detection may fail and you absolutely don't want users to upload, say, an executable disguised as a jpeg in a case where your MIME sniffing fails, but the one in IIS works correctly.
In the PHP world it's even worse, because an attacker could upload a malicious PHP script and later access it via the webserver.
Always, always store the uploaded files in a directory somewhere outside the document root and access them via some accessing-script which does additional sanitizing (and at least explicitly sets a image/whatever MIME type.