Secure uploading file

Question

I have file uploaded system in my php project.

What I make at uploading:

1) Check file extension and file mime type.

2) If extension and mime type are allowed types, I save file outside of public_html directory and then, I give the opportunity to users, download file so:

 if (file_exists($file_path)) {
        header('Content-Description: File Transfer');
        header('Content-Type: some mime type');
        header('Content-Disposition: attachment; filename=somefilename');
        header('Content-Transfer-Encoding: binary');
        header('Expires: 0');
        header('Cache-Control: must-revalidate');
        header('Pragma: public');
        header('Content-Length: ' . filesize($file_path));
        readfile($file_path);
 }

Question: this steps for uploading file, are secure or not? If not, what can make additional, for improve secure at uploading file?

Thanks.

p.s. same question on stackoverflow

Please do not cross post. It is considered poor etiquette. – Xander Feb 04 '14 at 19:45 — Xander, Feb 04 '14 at 19:45

score 1 · Answer 1 · answered Feb 04 '14 at 19:39

One improvement you could look at for this is conducting malware scans of uploaded files. Whilst this won't be a 100% protection, it could help reduce the risk of one of your users accidentally (or deliberately) uploading a malicious file which could then infect other users.

score 1 · Accepted Answer · answered Feb 04 '14 at 20:37

A marginal improvement you could make is to move the uploaded files to a place where PHP in the web server can't access them. This will necessarily involve some other script not triggered by the web server, such as a cron job or an asynchronous queuing system like Rabbit.

The attack this prevents is the escalation from a local file inclusion to a full server compromise.

If an attacker knows of an LFI vulnerability and can upload files to the same web server, he can use that combination to compromise the server. If your upload system moves the files to somewhere the web server can't access (outside of the PHP open_basedir with safe_mode set to on or even onto a separate server) then the LFI vulnerability can't be exploited to include attacker-uploaded files.

score 0 · Answer 3 · edited Mar 17 '17 at 13:14

0

You can check my question here, which has a valid code for handling uploads (mostly I am concerned about images, but still). In the question I address a couple of problems and tell how am I solving them.

Also the question has an excellent answer about hardening file permissions and using additional domain for stored files.

edited Mar 17 '17 at 13:14

Community

1

answered Mar 06 '14 at 20:35

Salvador Dali

1,745
1
19
32

Secure uploading file

3 Answers3