Educause Security Discussion mailing list archives
File input validation/upload validation in web environments
From: "James H. Moore" <jhmiso () RIT EDU>
Date: Tue, 1 Nov 2011 17:20:17 -0400
I had a question come to me about validating files uploaded to a web server. Does anyone have a list of the risks from file uploads and how they are best managed. People are discussing e-portfolios and the like, and wondered what risks and controls were appropriate. Not being a web person, I wasn't sure. Jim - - - - Jim Moore, CISSP, IAM Senior Information Security Forensic Investigator Rochester Institute of Technology 151 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 255-0809 (Cell - Incident Reporting & Emergencies) (585) 475-7920 (fax) If you consciously try to thwart opponents, you are already late. Miyamoto Musashi, Japanese philosopher/samurai, 1645 A ship in harbor is safe -- but that is not what ships are built for. John A. Shedd, Salt from My Attic, 1928 CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information
Current thread:
- File input validation/upload validation in web environments James H. Moore (Nov 01)
- Re: File input validation/upload validation in web environments Rich Graves (Nov 01)