I'm creating a very simple django upload application but I want to make it as secure as possible. This app is going to be completely one way, i.e. anybody who uploads a file will never have to retrieve it. So far I've done the following:
- Disallow certain file extensions (.php, .html, .py, .rb, .pl, .cgi, .htaccess, etc)
- Set a maximum file size limit and file name character length limit.
- Password protected the directory that the files are uploaded to (with .htaccess owned by root so the web server cannot possibly overwrite it)
Assuming that apache and mod_python are on the front end of this and that apache itself has been secured, are there any other "best practice" things I should do or consider to protect my application?
Thanks in advance.
Disallowing a file extension is -- potentially -- a waste of time. A unix server doesn't use the extension -- it uses ownership and permissions.
When accepting an upload, you will often rename the file to prevent it being misused. Uploaded files should be simply named "upload_xxx" with the "xxx" being a key to some database record that provides the claimed name and data type.
You have to actually read the file and confirm that the content of the file is what someone claims it is.
For example, if they claim to upload a .JPG, you have to actually read the file to be sure it's a JPEG, not an .EXE.
Also, you might want to put the target files outside Apache's DocumentRoot directory, so that they are not reachable by any URL. Rules in .htaccess offer a certain amount of protection if they're written well, but if you're seeking maximum security, just put the files away from any web-reachable directory.
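The two answers above describe one combined receiving procedure: rename every upload to an opaque `upload_xxx` name keyed to a database record holding the claimed name and type, check the file's real content against what the uploader claims, and write the result into a directory that no URL can reach. The following is an added example of that procedure, not code from the question or either answer. It is plain Python rather than Django so it runs stand-alone; `UploadStore`, `sniff_type` and `demo` are hypothetical names, a dict stands in for the database table, a temporary directory stands in for a path outside DocumentRoot, and the sample byte strings are constructed (a few JPEG/PNG header bytes and an `MZ` executable header submitted under a `.jpg` name).

```python
import os
import secrets
import tempfile

# Constructed sample uploads (not from the page): leading bytes of a JPEG,
# a PNG, and a Windows executable that the uploader claims is a JPEG.
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 64
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
EXE_AS_JPG = b"MZ\x90\x00" + b"\x00" * 64

# Magic-byte signatures for the content types this hypothetical app accepts.
# Anything that does not start with one of these is rejected outright.
SIGNATURES = {
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/gif": [b"GIF87a", b"GIF89a"],
}

MAX_BYTES = 5 * 1024 * 1024   # size limit, as in the question
MAX_NAME_LEN = 100            # claimed-name length limit, as in the question


def sniff_type(data: bytes):
    """Return the content type detected from the leading bytes, or None."""
    for ctype, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return ctype
    return None


class UploadStore:
    """Accepts uploads into a directory that is outside DocumentRoot."""

    def __init__(self, storage_dir: str):
        self.storage_dir = storage_dir
        self.records = {}  # stand-in for the database table keyed by upload id

    def accept(self, claimed_name: str, claimed_type: str, data: bytes) -> str:
        """Validate one upload, store it under an opaque name, return its key."""
        if len(claimed_name) > MAX_NAME_LEN:
            raise ValueError("claimed file name too long")
        if len(data) > MAX_BYTES:
            raise ValueError("file too large")
        detected = sniff_type(data)
        if detected is None or detected != claimed_type:
            raise ValueError(f"content does not match claimed type {claimed_type!r}")
        # The stored name carries no user input at all: only a random key.
        key = secrets.token_hex(16)
        path = os.path.join(self.storage_dir, f"upload_{key}")
        # O_EXCL refuses to clobber an existing file; mode 0600, no execute bit.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        self.records[key] = {
            "claimed_name": claimed_name,
            "content_type": detected,
            "stored_name": f"upload_{key}",
        }
        return key

    def rejects(self, claimed_name: str, claimed_type: str, data: bytes) -> bool:
        """True if accept() refuses this upload with a validation error."""
        try:
            self.accept(claimed_name, claimed_type, data)
        except ValueError:
            return True
        return False


def demo() -> dict:
    """Run the constructed uploads through a store in a fresh temp directory."""
    storage_dir = tempfile.mkdtemp(prefix="uploads_")  # not under DocumentRoot
    store = UploadStore(storage_dir)
    key = store.accept("cat.jpg", "image/jpeg", JPEG_BYTES)
    stored_files = sorted(os.listdir(storage_dir))
    return {
        "key": key,
        "stored_files": stored_files,
        "record": store.records[key],
        "exe_rejected": store.rejects("photo.jpg", "image/jpeg", EXE_AS_JPG),
        "png_as_jpeg_rejected": store.rejects("photo.jpg", "image/jpeg", PNG_BYTES),
        "png_accepted": not store.rejects("pic.png", "image/png", PNG_BYTES),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the opaque name is that nothing the uploader controls ever becomes part of a path or an extension on disk; the claimed name lives only in the record. Checking magic bytes is a first-line test of the kind the answer describes, not a full parse, so for image uploads a production app would additionally decode the file with an image library before trusting it.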