Home >Backend Development >PHP Tutorial >A brief discussion on storing vulnerabilities on the web, analysis of their principles, and prevention methods (methods of storing secure files)_PHP Tutorial

A brief discussion on storing vulnerabilities on the web, analysis of their principles, and prevention methods (methods of storing secure files)_PHP Tutorial

WBOY
WBOYOriginal
2016-07-21 15:02:33799browse

This type of vulnerability can mainly read the path name passed in by the user and use incorrect filtering methods, causing malicious users to save files in unexpected places, causing security risks.

Actually, we just need to focus on a few places. Let’s analyze it first. Since the user wants to save files, and the files will be in various formats; the content of some files may be inconsistent with the format passed in by the user. , some files also contain Trojan horse code. Then, we let the user save the file, authorize it separately from the site file, and implement isolation.

Make the save and upload directories independent. The directory permissions are read-only and cannot be executed.
This step is authorized from the system design, no matter what file you last , it is impossible to execute. Even if I don't do any testing, if all your files are stored here, it won't pose a security risk to my system. (If there are pictures with reactionary words stored on the user's website, they need to be processed separately)

Do not directly use the server to pass in the value, everything must be detected
This type is the same as our principle that all input is harmful. For the type and name passed in by the client, they must be judged and not used directly. For a certain directory and a certain file name to be generated.
The best way to use the file name is to hard-code the directory yourself (do not read the incoming directory). It is best to randomly generate the file name yourself without reading the user's file name. The file extension can be the characters following the rightmost ".".
The above two methods just put overall constraints on the storage from two aspects.
Method 2: Save the file name, write it in the directory you specify, and generate the file name yourself.
Method 1: Just ensure that the file is written to the correct location, and then configure permission control on the writing directory. This is the root cause. It can be done. No matter what files you save, you will not have permission to jump out and run them.

Using the above two methods together can ensure that the file is saved to the correct place, and then the permissions can be controlled. By the way, to determine whether the file saved by the user meets the required type, the file extension is directly checked. As long as the extension is met, the file is allowed to be saved. Anyway, with execution permission restrictions in place, it doesn’t matter if you don’t upload the content as required. Anyway, if it can't be implemented, it won't be very harmful.
Correct steps:
1. Read the file name and verify whether the extension is within the range
2. Define the generated file name and directory yourself, The extension can come from a filename extension. Configure other values ​​by yourself, and do not read the contents of the upper storage
3. Move the file to a new directory (the permissions of this directory are set to read-only)

Okay, the above is the general operation method, I hope it will be helpful to you. Everyone is helpful, and friends are welcome to communicate! I also hope to provide a better method! Next, I will continue to write some of my experiences and opinions on functional safety design of some common methods in web development!

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/327916.htmlTechArticleThis type of vulnerability can mainly read the path name passed in by the user and use incorrect filtering methods, leading to malicious Users save files in unexpected places, causing security risks. Actually...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn