Line 341: | Line 341: | ||
*Use a new filename to store the file on the OS. Do not use any user controlled text for this filename or for the temporary filename. | *Use a new filename to store the file on the OS. Do not use any user controlled text for this filename or for the temporary filename. | ||
*Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org)Archives | *Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org). Archives should be analyzed for malicious content (anti-malware, static analysis, etc) | ||
'''Public Serving of Uploaded Content''' | '''Public Serving of Uploaded Content''' |
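Review bot: In the revised separate-domain bullet, the added sentence "Archives should be analyzed for malicious content (anti-malware, static analysis, etc)" is a different control from domain separation and should be its own `*` bullet rather than a second sentence on this one. Write "etc." with a period. The sentence also does not say when the analysis happens; stating that it happens before the archive is stored or served would make the requirement checkable.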