suggestions please "what should i watch for/guard against' in a file upload situation?"

Terry Reedy tjreedy at udel.edu
Wed Oct 6 18:19:25 EDT 2010


On 10/6/2010 12:02 PM, geekbuntu wrote:
> in general, what are things i would want to 'watch for/guard against'
> in a file upload situation?
>
> i have my file upload working (in the self-made framework @ work
> without any concession for multipart form uploads), but was told to
> make sure it's cleansed and cannot do any harm inside the system.
>
> my checklist so far is basically to check the extension - ensure it
> has 3 places, ensure it's in the allowed list (like jpg gif etc...).
>
> not sure what else i could do to guard against anything bad
> happening.  maybe the file name itself could cause grief?
>
> not sure but any suggestions or examples are most welcome :)

I am not sure whether anyone mentioned limiting the file size, checking 
the incoming header, and aborting an upload if it goes over anyway. Most 
sites do not want 10 gigabyte files ;-).

-- 
Terry Jan Reedy
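One way to implement the size check described in the reply above, together with the extension and file-name checks from the original question, as an added Python example that is not from the thread; the limit, the allowed-extension list and the function names (safe_filename, read_upload, handle_upload) are assumptions:

```python
import io
import os
import re

# Assumed policy values for this example; they are not from the thread.
MAX_UPLOAD_BYTES = 1024 * 1024          # 1 MiB
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "gif", "png"}
CHUNK_SIZE = 64 * 1024

class UploadRejected(Exception):
    """Raised as soon as a check fails so the caller can abort the request."""

def safe_filename(name):
    """Drop any directory part, keep a conservative character set, enforce the allowlist."""
    base = os.path.basename(name.replace("\\", "/"))
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).strip(".")
    if "." not in base:
        raise UploadRejected("file name has no extension")
    stem, ext = base.rsplit(".", 1)
    if not stem or ext.lower() not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed: %r" % ext)
    return "%s.%s" % (stem, ext.lower())

def read_upload(headers, stream, limit=MAX_UPLOAD_BYTES):
    """Reject on the declared Content-Length first, then enforce the same limit
    on the bytes actually received, since the header may be absent or wrong."""
    declared = headers.get("Content-Length")
    if declared is not None and not declared.isdigit():
        raise UploadRejected("malformed Content-Length")
    if declared is not None and int(declared) > limit:
        raise UploadRejected("declared size exceeds limit")
    chunks, total = [], 0
    while True:
        chunk = stream.read(CHUNK_SIZE)
        if not chunk:
            break
        total += len(chunk)
        if total > limit:   # stop reading here rather than buffering the rest
            raise UploadRejected("body exceeded limit after %d bytes" % total)
        chunks.append(chunk)
    return b"".join(chunks)

def handle_upload(headers, body, filename, limit=MAX_UPLOAD_BYTES):
    """Return (safe_name, data) on success or (None, reason) when rejected.
    body is bytes here for testing; a real handler passes the request stream."""
    try:
        name = safe_filename(filename)
        return name, read_upload(headers, io.BytesIO(body), limit)
    except UploadRejected as exc:
        return None, str(exc)
```

The extension check alone says nothing about the file's contents; it only keeps the stored name within the list the question already uses.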