WebAppSec/Secure Coding Guidelines: Difference between revisions

Line 315: Line 315:


'''Upload Storage'''
'''Upload Storage'''
* Use a new filename to store the image on the OS. Do not use any user controlled text for this filename.
* Use a new filename to store the image on the OS. Do not use any user controlled text for this filename or for the temporary filename.
* Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org)
* Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org)
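Review bot: In the first bullet under Upload Storage, "a new filename" still does not say how that name is produced or whether the file extension counts as user controlled text, and the added "or for the temporary filename" clause inherits the same gap. Suggest spelling it out, for example: "Generate the stored filename and any temporary filename on the server (e.g. a random identifier); do not take any part of either name, including the extension, from user controlled text." The bullet also says "image" while the heading and the following bullet cover all user uploaded files, so "file" would keep the guidance consistent.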

