round fable
Hello, not really a specific question but i'm trying to secure a file upload, here are the main characteritics :
So what I want to verify is :
Because obviously checking file extension isn't great.
Are there best pratices concerning file upload ? Is there a way to do this without an additional librairy ?
Thanks
granite mulch
severe niche
Hello, not really a specific question but i'm trying to secure a file upload, he...
why do you wish to use a zip tho and do you really have to tho?
cant you just allow the upload of multiple audio files?
it is highly recommended against using zip files!
as the content can not be verified
i also do Not recommend what @granite mulch said here
as you risk opening a zip bomb instead
opening such zip bombs may result in a denial of servcice (Dos)
causing the server to overload on storage
please check the owasp cheat sheet for file uploads linked below
on instructions how to deal with a file upoads and best practices in a secure manner
https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html
severe niche
Hello, not really a specific question but i'm trying to secure a file upload, he...
as you asked
Are there best pratices concerning file upload ? Is there a way to do this
avoid using zip files
check the mime type of a file
the file name should be generated by the server
set file size limits
make sure file names are not to be
again this can all be founded in the cheat sheet
rough smelt
round fable
Thanks for the help guys, taking a look at all this, will keep you posted
round fable
Ok so basically i coult make it work with the ffprobe librairy to check the file codec_type from its path
round fable
why do you wish to use a zip tho and do you really have to tho?
cant you just al...
Thing is we need to get like 6 files + a folder containing the audio files so it's not very user friendly to have to slect all the files
severe niche
Thing is we need to get like 6 files + a folder containing the audio files so it...
what makes you think that?
you can just allow the upload of multiple files at once
severe niche
Thing is we need to get like 6 files + a folder containing the audio files so it...
why a folder containing the audio files?
well what ever your plan is i suggest not using zip/rar files
you can not open or verify the content without risking threads
unless the person can be 100% be trusted
something like a select few people you personally know gets that access
zips are the biggest thread when it comes to uploads
the contents of the files in them can not be verified
you would need to unpack them but would risk a zip bomb instead
so A take a different approach
B make sure its a elite people you know or can be trusted that is doing the uploading's like some friends set as admins
those are your options
why else do you think Gmail does not allow zip files to be mailed?
because the are a huge risk and a big thread
if google just block them because they cant do anything else
then what chance do you stand?