Seebs <usenet-nos...@seebs.net> writes:

> On 2010-10-06, geekbuntu <gmi...@gmail.com> wrote:
>> in general, what are things i would want to 'watch for/guard against'
>> in a file upload situation?
>
> This question has virtually nothing to do with Python, which means you
> may not get very good answers.

In contrast to "comp.super.web.experts"? There are quite a few people
with web-experience here I'd say.

>> my checklist so far is basically to check the extension - ensure it
>> has 3 places, ensure it's in the allowed list (like jpg gif etc...).
>
> This strikes me as 100% irrelevant. Who cares what the extension is?

Given that most people are not computer savvy (always remember, the
default for windows is to hide extensions..), using it client-side can be
valuable to prevent long uploads that eventually need to be rejected
otherwise (no mom, you can't upload word-docs as profile pictures).

>> not sure what else i could do to guard against anything bad
>> happening. maybe the file name itself could cause grief?
>
> Obvious things:
>
> * File name causes files to get created outside some particular
>   upload directory ("../foo")

Or rather just store that as a simple meta-info, as allowing even the
best-intended "me-in-cool-pose.jpg" to overwrite that of the one other
cool guy using the website isn't gonna fly anyway.

> * File name has spaces

See above, but other than that - everything but shell-scripts deals well
with it.

> * Crazy stuff like null bytes in file name
> * File names which might break things if a user carelessly interacts
>   with them, such as "foo.jpg /etc/passwd bar.jpg" (all one file name
>   including two spaces).

Your strange focus on file-names that are pure meta information is a
little bit concerning...

> Basically, the key question is, could a hostile user come up with
> input to your script which could break something?

Certainly advice. But that's less focussed on filenames or file-uploads,
but on the whole subject of processing HTTP-requests. Which would make a
point for *not* using a home-grown framework. But then, Python is a bit
less likely to suffer from buffer overflow or similar kind of attacks.

Diez

--
http://mail.python.org/mailman/listinfo/python-list
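As an added example (not code from anyone in this thread), this is what the approach argued above looks like in Python 3: the client-supplied name is checked against an extension allowlist and for null bytes, then kept only as metadata, while the on-disk name is generated by the server. The upload directory and the allowlist are assumed values.

```python
# Added example: the client file name is metadata; the server picks the
# storage name, so "../foo", spaces and collisions never reach the disk.
import posixpath
import secrets

UPLOAD_DIR = "/var/app/uploads"                      # assumed location
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "gif", "png"}   # assumed allowlist


class RejectedUpload(ValueError):
    """Raised when the client-supplied name fails validation."""


def extension_of(client_name):
    """Lowercase extension of the last path component, or '' if none."""
    # Normalise both separator styles so "dir\x.jpg" and "dir/x.jpg" match.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    _, dot, ext = base.rpartition(".")
    return ext.lower() if dot else ""


def plan_storage(client_name, upload_dir=UPLOAD_DIR, token=None):
    """Validate client_name; return (server_side_path, metadata_dict)."""
    if "\x00" in client_name:
        raise RejectedUpload("null byte in file name")
    ext = extension_of(client_name)
    if ext not in ALLOWED_EXTENSIONS:
        raise RejectedUpload("extension %r not allowed" % ext)
    # Random, server-chosen name: two users uploading "me.jpg" cannot
    # overwrite each other, and nothing from the client forms the path.
    token = token or secrets.token_hex(16)
    stored = posixpath.join(upload_dir, "%s.%s" % (token, ext))
    # Defence in depth: the final path must still lie inside upload_dir.
    if posixpath.commonpath([upload_dir, stored]) != upload_dir:
        raise RejectedUpload("path escapes upload directory")
    return stored, {"original_name": client_name, "ext": ext}


def is_acceptable(client_name):
    """Convenience wrapper: True if plan_storage() would accept the name."""
    try:
        plan_storage(client_name)
    except RejectedUpload:
        return False
    return True
```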