Any security concern to let end user to upload PDF forms to a web server?

  • Question

  • User1969037779 posted

    Would anyone help me think of any security concerns with letting end users upload documents (filled PDF forms) to a web server in an MVC project?

    I should restrict the file type to PDF and also restrict the max size of the file. We have those fillable forms, which are normally a couple of hundred KB.

    We have all sorts of anti-virus protections running on our network/servers, including checking on PDFs. Are there other things I need to consider?

    Thanks in advance!

    Tuesday, June 7, 2016 3:36 PM

Answers

  • User-271186128 posted

    Hi Margaret_Huang,

    Any security concern to let end user to upload PDF forms to a web server?

    You can refer to the following steps:

    • Check whether a file with the same file name already exists. A file could overwrite another file that already exists with the exact same name on the server.
    • The application should set a maximum length for the file name, and a maximum size for the file itself.
    • The directory to which files are uploaded should be outside of the website root.
    • The application should not use the file name supplied by the user. Instead, the uploaded file should be renamed according to a predetermined convention.

    For more information, you can refer to the following article:

    http://www.computerweekly.com/answer/File-upload-security-best-practices-Block-a-malicious-file-upload

    Best regards,
    Dillion

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 8, 2016 2:09 AM
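
The checks listed in the answer above, together with the question's PDF-only and size restrictions, as an added example that is not code from either poster. The class name, the limits and `UploadRoot` are assumptions; in an MVC action the stream and name would come from `HttpPostedFileBase.InputStream` and `FileName`.

```csharp
using System;
using System.IO;
using System.Text;

public static class PdfUploadStore
{
    // Assumed limits and location; UploadRoot stands in for a folder outside the site root.
    const int MaxBytes = 1024 * 1024;   // forms are a few hundred KB
    const int MaxNameLength = 100;
    static readonly string UploadRoot = Path.Combine(Path.GetTempPath(), "pdf-uploads");
    static readonly byte[] PdfMagic = Encoding.ASCII.GetBytes("%PDF-");

    // Returns the server-side path, or throws InvalidDataException when the upload is rejected.
    public static string Save(Stream content, string clientName)
    {
        if (string.IsNullOrEmpty(clientName) || clientName.Length > MaxNameLength)
            throw new InvalidDataException("file name missing or too long");

        // Count the bytes actually read instead of trusting a client-declared length.
        var buffer = new MemoryStream();
        var chunk = new byte[8192];
        int read;
        while ((read = content.Read(chunk, 0, chunk.Length)) > 0)
        {
            buffer.Write(chunk, 0, read);
            if (buffer.Length > MaxBytes) throw new InvalidDataException("file too large");
        }
        byte[] data = buffer.ToArray();

        // Cheap content check on the header; it does not validate the rest of the document.
        if (data.Length < PdfMagic.Length) throw new InvalidDataException("not a PDF");
        for (int i = 0; i < PdfMagic.Length; i++)
            if (data[i] != PdfMagic[i]) throw new InvalidDataException("not a PDF");

        // Server-generated name: clientName never reaches the path, and CreateNew refuses to overwrite.
        Directory.CreateDirectory(UploadRoot);
        string path = Path.Combine(UploadRoot, Guid.NewGuid().ToString("N") + ".pdf");
        using (var fs = new FileStream(path, FileMode.CreateNew, FileAccess.Write))
            fs.Write(data, 0, data.Length);
        return path;
    }

    public static void Main()
    {
        // Constructed sample input: a minimal PDF header and a client-supplied name that is ignored.
        byte[] sample = Encoding.ASCII.GetBytes("%PDF-1.4\n% constructed sample\n");
        Console.WriteLine(Save(new MemoryStream(sample), "..\\filled-form.pdf"));
    }
}
```

If the original name is needed for display, store it in a database column keyed to the generated name rather than on disk.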