将文件作为字节数组存储在数据库中,存在安全风险吗?
我们有一个asp.net应用程序,允许用户上传文件,文件被保存到临时磁盘位置,然后附加到记录并保存在数据库中。
我的问题涉及安全和/或病毒问题。这种方法有安全漏洞吗?如果病毒从不执行,它会造成危害吗(文件被保存,然后使用文件流打开,转换为字节数组并保存到数据库。
稍后,当需要该文件时,我们将文件流回给用户。
文件被保存到Web 服务器上的文件夹如下所示:
context.Request.Files[0].SaveAs(); (位置是 app_data/files 下的文件夹)
稍后,当同一用户创建记录时,我们会获取该文件从磁盘并将其存储在数据库中,如下所示:
FileStream fileStream = File.OpenRead(currentFilePath);
byte[] ba = new byte[fileStream.Length];
int len = fileStream.Read(ba, 0, ba.Length);
//ba saved to DB here as varbinary(max)
我们限制可以上传到此列表的文件:
List<string> supportedExtensions = new List<string>(10) {".txt", ".xls", ".xlsx", ".doc", ".docx", ".eps", ".jpg", ".jpeg", ".gif", ".png", ".bmp", ".rar", ".zip", ".rtf", ".csv", ".psd", ".pdf" };
文件像这样流回用户的 Web 浏览器:
//emA = entity object loaded from DB
context.Response.AppendHeader("Content-Disposition", "inline; filename=\"" + emA.FileName + "\"");
context.Response.AddHeader("Content-Type", emA.ContentType);
context.Response.BinaryWrite(emA.FileContent);
We have an asp.net application that allows users to upload files, the files are saved to temporary disk location and later attached to a record and saved in DB.
My question pertains to security and/or virus issues. Are there any security holes in this approach? Can a virus cause harm if it is never executed (file is saved, then opened using filestream, converted to byte array and saved to DB.
Later, when the file is needed we stream the file back to user.
The files are saved to a folder on the web server like this:
context.Request.Files[0].SaveAs(); (location is a folder under app_data/files)
later when the same user creates a record we grab the file from disk and store it in db like this:
FileStream fileStream = File.OpenRead(currentFilePath);
byte[] ba = new byte[fileStream.Length];
int len = fileStream.Read(ba, 0, ba.Length);
//ba saved to DB here as varbinary(max)
We limit the files that can be uploaded to this list:
List<string> supportedExtensions = new List<string>(10) {".txt", ".xls", ".xlsx", ".doc", ".docx", ".eps", ".jpg", ".jpeg", ".gif", ".png", ".bmp", ".rar", ".zip", ".rtf", ".csv", ".psd", ".pdf" };
The file is streamed back to user's web browser like this:
//emA = entity object loaded from DB
context.Response.AppendHeader("Content-Disposition", "inline; filename=\"" + emA.FileName + "\"");
context.Response.AddHeader("Content-Type", emA.ContentType);
context.Response.BinaryWrite(emA.FileContent);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
接受来自未知用户的文件时始终存在安全风险。任何人都可能在 Office 文档中使用 VBA(Visual Basic for Applications)编写病毒。
您的方法并不比直接将它们保存在文件系统或直接保存在数据库中存在更多或更少的安全风险除了一个问题...
如果文件被保存到磁盘后,可以使用传统的病毒扫描程序对其进行扫描。据我所知,大多数病毒扫描程序不会扫描以字节数组形式存储在数据库中的文件。
如果是我的服务器,我会出于性能原因而不是安全原因将它们存储在文件系统上,并且您可以打赌,如果我允许潜在危险的文件(例如办公文档、可执行文件),我会让病毒扫描程序扫描它们, ETC。
There's always a security risk when accepting files from unknown users. Anyone could potentially write a virus in VBA (Visual Basic for Applications) in the office documents.
Your approach is no more or less of a security risk than saving them directly on the file system or directly in the database except for one concern...
If the files are saved to the disk, they can be scanned by traditional virus scanners. As far as I know most virus scanners don't scan files that are stored in a DB as a byte array.
If it were my server, I would be storing them on the file system for performance reasons, not security reasons, and you can bet I would have them scanned by a virus scanner if I were allowing potentially dangerous files, such as office documents, executables, etc.
让您的用户在允许他们上传文件之前创建登录名。这种未经检查的访问是闻所未闻的......并不是说这本身就是一个解决方案,而是像所有良好的安全系统一样,它可以形成一个额外的层:-)
Have your users create logins before allowing them to upload files. Unchecked access of this kind is unheard of... not saying that this is a solution in and of itself, but like all good security systems it can form an extra layer :-)
我认为除了将文件保存到磁盘之外还有更多的安全风险。这里的风险通常与存储数据的位置无关,因为正如您已经指出的那样,存储的文件不会被执行。
风险通常在于数据的传输方式。蠕虫会利用一些环境,将通过系统的数据视为代码并开始执行。此类攻击不需要存在任何正在传输的“文件”的感觉,在过去,特殊格式的 URL 就足够了。
也就是说,我从来不理解在 SQL 数据库中存储大型二进制数据的愿望。为什么不直接将文件保存在磁盘上并将文件路径存储在数据库中。然后,您可以使用 WriteFile 或 URL 重写等功能来让 IIS 发挥其擅长的作用。
I can't see there being anymore security risk than saving the files to disk. The risks here are often not to do with where you store the data since as you've already pointed out the stored file doesn't get executred.
The risk is usually in how the data is transfered. Worms will exploit circumstances which allow what was just data on its way through the system to be treat as if it were code and start being executed. Such exploits do not require that any sense of "file" being transfered be present, in the past a specially formatted URL could suffice.
That said, I've never understood the desire to store large binary data in a SQL database. Why not just save the files on disk and store the file path in the DB. You can then use features such as WriteFile or URL re-writing to get IIS do what its good at.