Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
celovec2019-10-16 20:35:02
Information Security
celovec, 2019-10-16 20:35:02

Securely uploading files to a server?

Clients upload pictures, videos and other files to my server, without restrictions.
How can I secure such a download?
The first thing that comes to mind is to upload a file from the site to a folder of another subdomain, for example files.example.com, in which php and other programming languages ​​will be disabled.
And upload files to the main site example.com through this subdomain.
How secure will it be for me, XSS they can no longer do? How else can they harm the main site?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Anton R., 2019-10-16
@anton_reut

Here is a good article: https://habr.com/ru/post/44610/

Report
X
xmoonlight, 2020-01-24
@xmoonlight

Load always ABOVE the www web-root folder to avoid calling the handler from the web.
Folder hierarchy example:

upload
www //web-root

Similar questions
I
IrkDesigner2012-09-24 05:56:43
What to do when the system administrator is fired? 17Reply
A
Alexey2012-09-26 10:29:32
Is it possible and how to cut on the mail server all executable files in the inbox, including inboxes with archives? 2Reply
S
Sergey2015-12-16 09:40:52
What solutions are there to automatically run an application in a restricted chroot or sandboxed container environment? 3Reply
P
Pleshner2012-10-24 08:26:14
How can you deal with the meanness of dismissed system administrators? 16Reply
B
Benjamin2018-04-26 22:43:08
How is security maintained when executing commands via ssh? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question