Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Secure your file upload pages!

Security

Secure your file upload pages!

by schase Posted Mar 31, 2005 (Edited Mar 31, 2005)

For anyone that has been writing in ASP for a period of time. You will eventually want to make a file upload option for your users or clients. It can easily be over looked while developing to not secure your file upload pages.

However no matter if you use an upload component (free or paid) such as:
ASPUpload
SA-FileUp
ABCUpload

Or create your own such as Pure ASP Upload, or using windows scripting.

Always make sure it is behind pages that check for authentication first (login page) - and make sure the upload page has authentication verification.. Recently a friend of mine tweaked his upload page, removing authentication checking during his debug process and forgot to put it back on. Someone half a world away found it (probably through vulnerability scanners) and uploaded his own script that allowed him to view the entire drives contents and download or upload what he wished.

There are a couple of good FAQ's here about creating login pages and checking for authentication.

http://www.tek-tips.com/faqs.cfm?fid=1030

http://www.tek-tips.com/faqs.cfm?fid=3630

Double check - err on the side of caution.

Please Note: 1 is Bad, 10 is Good :-)

Part and Inventory Search

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Back

Top