
ASP.NET Core supports uploading one or more files using buffered model binding for smaller files and unbuffered streaming for larger files.

View or download sample code (how to download)

Security considerations

Use caution when providing users with the ability to upload files to a server. Attackers may attempt to:

- Compromise networks and servers in other ways.

Security steps that reduce the likelihood of a successful attack are:

- Upload files to a dedicated file upload area, preferably to a non-system drive. A dedicated location makes it easier to impose security restrictions on uploaded files. Disable execute permissions on the file upload location.†
- Do not persist uploaded files in the same directory tree as the app.†
- Use a safe file name determined by the app. Don't use a file name provided by the user or the untrusted file name of the uploaded file.† HTML encode the untrusted file name when displaying it, for example when logging the file name or displaying it in the UI (Razor automatically HTML encodes output).
- Allow only approved file extensions for the app's design specification.†

† The sample app demonstrates an approach that meets the criteria.

For more information on implementing security measures, including examples from the sample app, see the Validation section.

Uploading malicious code to a system is frequently the first step to executing code that can:

- Overload a system with the result that the system crashes.

For information on reducing the attack surface area when accepting files from users, see the following resources:

- Azure Security: Ensure appropriate controls are in place when accepting files from users

Storage scenarios

Common storage options for files include:

- Database: For small file uploads, a database is often faster than physical storage (file system or network share) options. A database is often more convenient than physical storage options because retrieval of a database record for user data can concurrently supply the file content (for example, an avatar image).
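As an added example (not code from the ASP.NET Core documentation or its sample app), the following C# console program applies the security steps listed under Security considerations to an untrusted upload: an extension allow-list matching the app's design specification, an app-generated file name instead of the user-supplied one, HTML encoding of the untrusted name before it is logged or displayed, and storage in a dedicated upload root outside the app's directory tree. The allow-list contents, the upload root location, and the helper names (`UploadSafety`, `AllowedExtensionOrNull`, `GenerateSafeFileName`, `EncodeForDisplay`, `SaveAsync`) are assumptions; in a controller action the stream and name would come from `IFormFile.OpenReadStream()` and `IFormFile.FileName`.

```csharp
// Added example, not from the ASP.NET Core docs or sample app.
// Assumed: the upload root is configured to a directory outside the app's
// content root, on a non-system drive, with execute permissions disabled
// at the OS/deployment level (that part is not something code can do).
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.Encodings.Web;
using System.Threading.Tasks;

public static class UploadSafety
{
    // Allow-list per the app's design specification (assumption: image uploads only).
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".png", ".jpg", ".jpeg", ".gif" };

    // Returns the lower-cased extension if it is on the allow-list, otherwise null.
    public static string? AllowedExtensionOrNull(string untrustedFileName)
    {
        // Path.GetFileName drops any directory components embedded in the
        // untrusted name; Path.GetExtension then reads only the suffix.
        var ext = Path.GetExtension(Path.GetFileName(untrustedFileName));
        if (string.IsNullOrEmpty(ext) || !AllowedExtensions.Contains(ext))
            return null;
        return ext.ToLowerInvariant();
    }

    // The app, not the user, decides the stored name: random name + validated extension.
    public static string GenerateSafeFileName(string allowedExtension)
        => Path.GetRandomFileName().Replace(".", string.Empty) + allowedExtension;

    // HTML-encode the untrusted name before logging it or rendering it outside Razor.
    public static string EncodeForDisplay(string untrustedFileName)
        => HtmlEncoder.Default.Encode(untrustedFileName);

    // Writes the content into the dedicated upload root and returns the stored path.
    public static async Task<string> SaveAsync(Stream content, string untrustedFileName, string uploadRoot)
    {
        var ext = AllowedExtensionOrNull(untrustedFileName)
            ?? throw new InvalidOperationException(
                $"Rejected upload with disallowed extension: {EncodeForDisplay(untrustedFileName)}");

        var fullRoot = Path.GetFullPath(uploadRoot)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar);
        var target = Path.Combine(fullRoot, GenerateSafeFileName(ext));

        // Defensive check: the resolved path must remain inside the upload root.
        if (!Path.GetFullPath(target).StartsWith(fullRoot + Path.DirectorySeparatorChar, StringComparison.Ordinal))
            throw new InvalidOperationException("Resolved path escaped the upload root.");

        Directory.CreateDirectory(fullRoot);
        // CreateNew fails instead of overwriting if the random name ever collides.
        await using var fs = new FileStream(target, FileMode.CreateNew, FileAccess.Write, FileShare.None);
        await content.CopyToAsync(fs);
        return target;
    }

    public static async Task Main()
    {
        // Constructed sample input: a small upload with an attacker-chosen name.
        var uploadRoot = Path.Combine(Path.GetTempPath(), "uploads-demo"); // assumption: outside the app tree
        var untrustedName = "../../<script>alert(1)</script>.jpg";
        using var content = new MemoryStream(new byte[] { 0xFF, 0xD8, 0xFF });

        // Log the encoded form only; the raw name never reaches the log or the file system.
        Console.WriteLine($"Received: {EncodeForDisplay(untrustedName)}");
        var saved = await SaveAsync(content, untrustedName, uploadRoot);
        Console.WriteLine($"Stored as: {saved}");

        // A name with an extension outside the allow-list is rejected before any write.
        try
        {
            await SaveAsync(new MemoryStream(), "payload.aspx", uploadRoot);
        }
        catch (InvalidOperationException e)
        {
            Console.WriteLine(e.Message);
        }
    }
}
```

The extension check is only the first gate; the Validation section of the page covers the additional checks the sample app performs on the file content itself. Disabling execute permissions on the upload directory and keeping it outside the content root are deployment settings, which is why the code above only asserts that the resolved path stays inside the configured root rather than trying to enforce those properties itself.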
