File uploads, downloads and management

Last updated on
20 September 2016

[This section is a work in progress]

Advice in a Nutshell

Allowing users to manage files on your server is a potentially dangerous operation.

You need to make sure that users cannot

  • view arbitrary files.
  • delete arbitrary files.
  • overwrite 'critical' files.
  • upload and execute arbitrary files.
  • completely fill a device (or disk quota).

Note that "arbitrary" means "any file on the server". So, for example, if you limit them to files in the "files" directory then that is not arbitrary. But if the code for writing files allows the user to somehow affect the file path, then they could insert "../../" into the filename which will get it back out of the "files/" directory and into other directories on your server.

See also File Permissions and Ownership For Security