WebAppSec/Secure Coding Guidelines: Difference between revisions

*Use a new filename to store the file on the OS. Do not use any user controlled text for this filename or for the temporary filename.  
*Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org)Archives contents should be analyzed for malicious content (anti-malware, static analysis, etc)
*Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org). Archives should be analyzed for malicious content (anti-malware, static analysis, etc)
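Added example, not code from this wiki page or from Mozilla: a Python helper that applies the first bullet, storing an upload under a server-generated name whose extension comes from an allowlisted, byte-checked content type rather than from the user's filename; the allowlist, magic bytes and `store_upload` name are assumptions for illustration.

```python
import os
import re
import secrets
import tempfile

# Constructed allowlist (assumption for this example): the on-disk extension
# is chosen from the validated content type, never from the user's filename.
ALLOWED_TYPES = {
    "image/png": (".png", b"\x89PNG\r\n\x1a\n"),
    "image/jpeg": (".jpg", b"\xff\xd8\xff"),
}

# Shape of every name this helper produces: 32 hex chars plus allowlisted ext.
SAFE_NAME = re.compile(r"^[0-9a-f]{32}\.(png|jpg)$")


def store_upload(upload_dir, user_filename, declared_type, data):
    """Write `data` into upload_dir under a server-generated name.

    `user_filename` is accepted only so callers can log it; it never
    influences the temporary path or the final path on disk.
    """
    if declared_type not in ALLOWED_TYPES:
        raise ValueError("content type not allowed")
    ext, magic = ALLOWED_TYPES[declared_type]
    # Check the bytes, not just the declared header; a mismatch is rejected.
    if not data.startswith(magic):
        raise ValueError("content does not match declared type")

    # Temporary name: fixed prefix plus a random suffix chosen by mkstemp,
    # created in the same directory so the final rename is atomic.
    fd, tmp_path = tempfile.mkstemp(prefix="upload-", dir=upload_dir)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        final_name = secrets.token_hex(16) + ext
        os.replace(tmp_path, os.path.join(upload_dir, final_name))
    except BaseException:
        os.unlink(tmp_path)  # do not leave partial temp files behind
        raise
    return final_name
```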


'''Public Serving of Uploaded Content'''  