Preventing users from uploading malicious files


Preventing users from uploading malicious files



My question is this - When using Azure Storage, is this handled for me or do I have to make sure the user doesnt upload something that could compromise the server?



What should I be protecting myself against when dealing with files and Azure Storage?




3 Answers
3



A possible solution, expecting that you want this functionality as a part of an application :
You can make Web API app (or MVC app) in the Azure Cloud. This way you will have :



To my knowledge Azure Blob Storage does not have a built in way to prevent unwanted files from being uploaded if they are not prevented through user code. With Blob Storage a primary access key is required in order to upload files so the only way to get a file into storage will be through your exposed API [Website/App]. You will need to do file type validation there before allowing the user in. With this you can create SharedAccessSignatures that are valid for a set amount of time that will allow entrance into your storage account for file loading from an app or file loading through the web with CORS





I understand that, but my concern is - can some files be uploaded that compromise the web site ? (cshtml/php files that get file listings for example) i.e. can someone upload executable files ?
– Ivan
Aug 7 '14 at 19:55





Yes. If you do not explicitly deny exes from being uploaded they can be. They wont do anything unless they are run though
– Jon Gear
Aug 8 '14 at 19:26




As also mentioned in jigear's answer, account key or a Shared Access Signature with write access is needed to upload a new blob. Whether this blob contains a php file or not is not known by Azure Storage, since Azure Storage Service does not look at blob contents. How these blobs are used by your website is controlled fully by your website.





If I am only passing on links on my site to download the uploaded files, are there any risks I should be protecting myself against? We will be employing some security checks on the files, but we won't have those in time for beta.
– Ivan
Aug 7 '14 at 20:31






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

PHP contact form sending but not receiving emails

PHP contact form sending but not receiving emails I have created a contact form using PHP to send the data. The form seems to send fine as there are no errors and success message appears, however I am not receving the emails into the designated inbox. I am using PHPMailer as I originally tried just using the php 'mail' command which I now understand is a bit hit and miss. I cannot see why I would not be receving the emails so I would be very grateful for any help that could be given. I'm quite new to PHP so please be patient with me :) <?php use PHPMailerPHPMailerPHPMailer; use PHPMailerPHPMailerException; $msg = ""; if (isset($_POST['submit'])) { require 'phpmailer/src/Exception.php'; require 'phpmailer/src/PHPMailer.php'; require 'phpmailer/src/SMTP.php'; function sendemail ($to, $from, $body) { $mail = new PHPMailer(true); $mail->setFrom($from); $mail->addAddress($to); $ma...
Read more

PHP parse/syntax errors; and how to solve them?

Image
PHP parse/syntax errors; and how to solve them? Everyone runs into syntax errors. Even experienced programmers make typos. For newcomers it's just part of the learning process. However, it's often easy to interpret error messages such as: PHP Parse error: syntax error, unexpected '{' in index.php on line 20 The unexpected symbol isn't always the real culprit. But the line number gives a rough idea where to start looking. Always look at the code context . The syntax mistake often hides in the mentioned or in previous code lines . Compare your code against syntax examples from the manual. While not every case matches the other. Yet there are some general steps to solve syntax mistakes . This references summarized the common pitfalls: Unexpected T_STRING Unexpected T_VARIABLE Unexpected '$varname' (T_VARIABLE) Unexpected T_CONSTANT_ENCAPSED_STRING Unexpected T_ENCAPSED_AND_WHITESPACE Unexpected $end Unexpected T_FUNCTION… Unexpected { { Unexpected } } Unexpe...
Read more

iOS Top Alignment constraint based on screen (superview) height

Image
iOS Top Alignment constraint based on screen (superview) height Let's say for example i want my view's top margin be 30 px for iPhone 6s and for the other screen i want to change this constants from 30 to X where X is proportional to total height of screen i.e. 36.5 for iPhone X, 33 for iPhone 6s plus, 25 for iPhone SE And so on .... I know i can take @IBOutlet of NSLayoutConstraint and change it programmatically but what i want is i want to set it like aspect ratio that we have for height width like subview's heigh width is proportional it's superview it changes with super view's height and width @IBOutlet NSLayoutConstraint 2 Answers 2 The constraint you need here is the superView's centerY set multiplier to 0.5 if you want the top anchor's constant to be 0.25 of screen height from the top , so adjust the multiplier according to this logic which is height_of_scre...
Read more