A Brief Discussion of Web File-Storage Vulnerabilities: Principle Analysis and Prevention Methods (A Secure Way to Store Files)

  • 2020-06-23 00:02:21
  • OfStack

This kind of vulnerability arises mainly when the application reads a path name passed in by the user and filters it incorrectly. A malicious user can then save a file to an unexpected location, which creates a security risk.

In practice we only need to get a few key points right. Let's start with the analysis. The user is going to save a file, and that file can be in any of a variety of formats. The file content may not match the format the user passed in, and some files also contain Trojan code. So when we let users save files, we authorize that storage separately from the site's own files and isolate it.

Keep the directory separate. Directory permissions: read-only, not executable
This step grants permissions at the system-design level: no matter what file you save, it cannot be executed. Even if I do no detection at all, your files are saved here and pose no security threat to my system. (If a user saves pictures containing reactionary slogans to their account, that has to be dealt with separately.)

Do not use values passed in by the client directly; check everything
We follow the principle that all input is harmful. The values the client passes in (type, name) must be checked and never used directly. The server generates the directory and the filename itself.
The best way to handle the filename is to hard-code the directory (do not read the incoming directory) and to generate a random filename yourself rather than reading the user's filename. The file extension can be taken from the characters to the right of the ".".
The two methods above constrain file storage as a whole from two directions.
Method 2: When saving the file, write it to a directory you specify yourself, with a filename you generate yourself.
Method 1: Make sure the file is written to the correct location, then control the permissions of the write directory through configuration. This is the fundamental measure: whatever file you save, you have no permission to run it.

Used together, the two methods above ensure that the file is saved to the correct place and that its permissions can be controlled. As for determining whether the file the user saves is of the required type, just check the file extension; as long as the extension is acceptable, let the file be saved. With the execute-permission restriction in place, if the content is not what was required, so be it. A file that cannot be executed does little harm.
Correct steps:
1. Read the filename and verify that the extension is in the allowed range.
2. Define the generated filename, directory and extension yourself; only the extension comes from the incoming filename. All other values are configured by you and are not read from the submitted content.
3. Move the file to a new directory (this directory's permission is set to read-only).
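
The three steps above as an added Python example (not code from the original article). The allow-list, the directory path and the function names are assumptions made for illustration.

```python
import os
import secrets
import shutil
import tempfile

# Assumptions for this example: the allow-list and the fixed storage directory.
ALLOWED_EXTENSIONS = {"jpg", "png", "gif"}
UPLOAD_DIR = os.path.join(tempfile.gettempdir(), "user_uploads_demo")


class RejectedUpload(ValueError):
    """Raised when the client-supplied name fails the extension check."""


def extension_of(client_name):
    # Step 1: use only the text to the right of the last '.', and only
    # after it has been matched against the allow-list.
    _, dot, ext = client_name.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in ALLOWED_EXTENSIONS:
        raise RejectedUpload("extension not allowed: %r" % client_name)
    return ext


def store_upload(tmp_path, client_name):
    """Move a received temp file into the fixed directory under a random name."""
    ext = extension_of(client_name)
    # Step 2: directory and filename are generated here. Nothing else from
    # client_name (directories, base name) reaches the filesystem path.
    os.makedirs(UPLOAD_DIR, exist_ok=True)
    final_path = os.path.join(UPLOAD_DIR, secrets.token_hex(16) + "." + ext)
    # Step 3: move the file, then drop write and execute bits on it.
    # Blocking script execution for the whole directory is done in the web
    # server or mount configuration, outside this code.
    shutil.move(tmp_path, final_path)
    os.chmod(final_path, 0o444)
    return final_path
```

A name such as `../../var/www/shell.php.jpg` passes the extension check but still ends up in the fixed directory under a random name, so the traversal sequence and the embedded `.php` never take effect.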

That is the general method of operation. I hope it helps, and I welcome discussion and suggestions for better approaches. In following articles I will continue to write about common methods and security design for functionality in web development.
