Dear Fellow Monk,
The first question that comes to mind is "what kind of files?" and the second that comes to mind is "for what purpose?"

In other words, analyze the requirement thoroughly.

Next you want to assess the "threat level" and what you are trying to protect. This is not always just the server you are doing this work on either. If you are, for instance, having folks upload resumes to your server then you have a responsibility to protect those resumes and the private data contained therein.

Another example of a responsibility (liability?) you are taking on with something like this is if you are having folks upload program files you need to protect against copyright infringement, viruses, trojans, et al., not only for the health of your server but to protect other users of your web site.

With that in mind, yes of course, stage the uploaded files into a "quarantine" until you are completely satisfied that they present minimal threat. (Notice I didn't say "represent any threat".)

Another step I would take is to log all uploads with information regarding where the files came from. Preferably you want to use some sort of login authentication before allowing an individual to upload anything so you can possibly tie an upload to an individual for accountability's sake.

Just a few thoughts that come to mind.


Peter L. Berghold -- Unix Professional
Peter -at- Berghold -dot- Net; AOL IM redcowdawg Yahoo IM: blue_cowdawg

In reply to Re: (OT) accepting user files online by blue_cowdawg
in thread (OT) accepting user files online by leocharre
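
The quarantine and logging steps suggested in the post above, sketched as an added example that is not part of the original post or thread. The directory and log paths, the `quarantine_upload` name and the `$meta` keys are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempfile);
use JSON::PP;
use POSIX qw(strftime);

# Hypothetical paths, outside the web root and not served by the web server.
our $QUARANTINE_DIR = '/var/spool/uploads/quarantine';
our $UPLOAD_LOG     = '/var/log/uploads/uploads.log';

# $in: read handle on the upload. $meta: hashref with user (authenticated
# login), remote_addr and client_name (the filename the client sent).
sub quarantine_upload {
    my ($in, $meta) = @_;
    die "upload refused: no authenticated user\n"
        unless defined $meta->{user} && length $meta->{user};

    # Server-chosen name, created exclusively with mode 0600. The client's
    # filename is only logged, never used to build a path.
    my ($out, $path) = tempfile('upload-XXXXXXXXXXXX',
                                DIR => $QUARANTINE_DIR, UNLINK => 0);
    binmode $_ for $in, $out;
    my ($sha, $size) = (Digest::SHA->new(256), 0);
    while (1) {
        my $n = read($in, my $buf, 65536);
        die "read upload: $!\n" unless defined $n;
        last if $n == 0;
        print {$out} $buf or die "write $path: $!\n";
        $sha->add($buf);
        $size += $n;
    }
    close $out or die "close $path: $!\n";

    my %rec = (
        time        => strftime('%Y-%m-%dT%H:%M:%SZ', gmtime),
        user        => $meta->{user},
        remote_addr => $meta->{remote_addr},
        client_name => $meta->{client_name},
        stored_as   => $path,
        size        => $size,
        sha256      => $sha->hexdigest,
    );
    # One JSON object per line: encoding escapes control characters, so a
    # crafted filename cannot forge extra log lines.
    sysopen(my $log, $UPLOAD_LOG, O_WRONLY | O_APPEND | O_CREAT, 0640)
        or die "open $UPLOAD_LOG: $!\n";
    flock($log, LOCK_EX) or die "lock $UPLOAD_LOG: $!\n";
    print {$log} JSON::PP->new->ascii->canonical->encode(\%rec), "\n";
    close $log or die "close $UPLOAD_LOG: $!\n";
    return \%rec;
}
```

In a CGI script the `user` and `remote_addr` values would typically come from `$ENV{REMOTE_USER}` and `$ENV{REMOTE_ADDR}`; the file stays in quarantine until whatever scanning and review the site requires has passed.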
