All geek questions in one place

Uploading photos - How can I keep our site safe / stable

My website would like users to upload their photos ... but how can I protect our server from harm? Allowing JPG only should avoid problems with the virus, but what if someone selects a 10Gb file - will it slow down the whole site?

We use classic ASP and IIS6 (sorry, but be that as it may, this cannot change!). We used to use Persits DLLs to handle downloads. However, it would be helpful to other people if we extend this discussion to other languages ​​/ technologies.

ASPs cannot determine the size of the file until it completes the download, so this is a pain. Or can I check the length of the content in the HTTP header before starting the transfer?

Q1. Are there other ways someone can abuse the download tool?
Q2. How can I limit the danger to site security and server security?

Thanks.

+3
source share
6 answers

In Persists, you can set the maximum file size that a user can upload:

Upload.SetMaxSize 100000, True

The "true" above indicates that the file should be rejected if it exceeds the maximum size. If set to False, the file will be checked.

See http://www.aspupload.com/object_upload.html#SetMaxSize

+2
source

ASP.Net, web.config( machine.config), ASP.Net . , 4 , - 100 ,.Net , 4 .

maxRequestLength, MSDN " . , , , ."

.

<configuration>
  <system.web>
    <httpRuntime maxRequestLength="4000" ....

, ASP .

+2

, , "AspMaxRequestEntityAllowed" IIS: http://www.banmanpro.com/support2/File_Upload_limits.asp

- 200k, 1Mb !

0

IIS, , Microsoft UrlScan: http://technet.microsoft.com/en-us/security/cc242650.aspx

For IIS 6, it looks like you might not even need this. You must be able to set the MaxRequestEntityAllowed and ASPMaxRequestEntityAllowed metabase properties to the required maximum value and requests will be truncated at this point.

0
source

Source: https://habr.com/ru/post/1707049/

More articles:


All Articles