diff options
author | Xavier Noria <fxn@hashref.com> | 2011-03-07 22:11:47 +0100 |
---|---|---|
committer | Xavier Noria <fxn@hashref.com> | 2011-03-07 22:11:47 +0100 |
commit | 89ecc0a5dc1d06a6bbd2a59edd57187c6eedf8af (patch) | |
tree | 762f7860f65b7e058016707ef6771b1ff2feb7cb /railties/guides/source/security.textile | |
parent | 5968d7a65886d3450698889f685eccaf54749f43 (diff) | |
parent | f99db5a6a8295b463325accaefe53ab6c89c9982 (diff) | |
download | rails-89ecc0a5dc1d06a6bbd2a59edd57187c6eedf8af.tar.gz rails-89ecc0a5dc1d06a6bbd2a59edd57187c6eedf8af.tar.bz2 rails-89ecc0a5dc1d06a6bbd2a59edd57187c6eedf8af.zip |
Merge branch 'master' of git://github.com/lifo/docrails
Diffstat (limited to 'railties/guides/source/security.textile')
-rw-r--r-- | railties/guides/source/security.textile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 5613156245..182f3631ef 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -282,7 +282,7 @@ h4. File Uploads Many web applications allow users to upload files. _(highlight)File names, which the user may choose (partly), should always be filtered_ as an attacker could use a malicious file name to overwrite any file on the server. If you store file uploads at /var/www/uploads, and the user enters a file name like “../../../etc/passwd”, it may overwrite an important file. Of course, the Ruby interpreter would need the appropriate permissions to do so – one more reason to run web servers, database servers and other programs as a less privileged Unix user. -When filtering user input file names, _(highlight)don't try to remove malicious parts_. Think of a situation where the web application removes all “../” in a file name and an attacker uses a string such as “....//” - the result will be “../”. It is best to use a whitelist approach, which _(highlight)checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the "attachment_fu plugin":http://github.com/technoweenie/attachment_fu/tree/master: +When filtering user input file names, _(highlight)don't try to remove malicious parts_. Think of a situation where the web application removes all “../” in a file name and an attacker uses a string such as “....//” - the result will be “../”. It is best to use a whitelist approach, which _(highlight)checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the "attachment_fu plugin":https://github.com/technoweenie/attachment_fu/tree/master: <ruby> def sanitize_filename(filename) |