| author | Harshad Sabne <harshadsabne@users.noreply.github.com> | 2013-11-30 15:47:25 +0530 | 
|---|---|---|
| committer | Harshad Sabne <harshadsabne@users.noreply.github.com> | 2013-11-30 15:47:25 +0530 | 
| commit | f4804fafecdc057988575b4516afe9ca1d5f42fc (patch) | |
| tree | 844eb157c5e33d4627d7a884c5956d5887e4eea1 /guides/source | |
| parent | abefa2f635c09fc51c0f63058acd0d1a46f30f60 (diff) | |
Update security.md
Add escape character for correct rendering
Diffstat (limited to 'guides/source')
| -rw-r--r-- | guides/source/security.md | 2 | 
1 files changed, 1 insertions, 1 deletions
| diff --git a/guides/source/security.md b/guides/source/security.md index 595cf7c62c..25428998f2 100644 --- a/guides/source/security.md +++ b/guides/source/security.md 
@@ -290,7 +290,7 @@ NOTE: _Make sure file uploads don't overwrite important files, and process media  Many web applications allow users to upload files. _File names, which the user may choose (partly), should always be filtered_ as an attacker could use a malicious file name to overwrite any file on the server. If you store file uploads at /var/www/uploads, and the user enters a file name like "../../../etc/passwd", it may overwrite an important file. Of course, the Ruby interpreter would need the appropriate permissions to do so - one more reason to run web servers, database servers and other programs as a less privileged Unix user. -When filtering user input file names, _don't try to remove malicious parts_. Think of a situation where the web application removes all "../" in a file name and an attacker uses a string such as "....//" - the result will be "../". It is best to use a whitelist approach, which _checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the [attachment_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master): +When filtering user input file names, _don't try to remove malicious parts_. Think of a situation where the web application removes all "../" in a file name and an attacker uses a string such as "....//" - the result will be "../". It is best to use a whitelist approach, which _checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. 
Here is the file name sanitizer from the [attachment\_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master):  ```ruby  def sanitize_filename(filename) | 
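Review bot: the backslash escape in the replaced paragraph is applied only to the link text, `[attachment\_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master)`, and not to the URL, which is the correct split: escaping the underscore inside the URL would break the link, while leaving it unescaped in the text is what let some Markdown renderers treat `_fu plugin` as the start of emphasis. Since `attachment_fu` is a code identifier rather than prose, wrapping it in backticks would remove the need for the escape altogether and render the name in monospace; consider that over `\_`. Also note that the hunk deletes and re-adds the entire paragraph for a one-character change, so a reviewer should confirm the `+` line matches the `-` line apart from the escape; from the visible text it does, and the trailing "Here is the file name sanitizer..." sentence still leads straight into the unchanged ```` ```ruby ```` fence and `def sanitize_filename(filename)` context lines.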
