MozillaWiki

WebAppSec/Secure Coding Guidelines: Difference between revisions

Page Discussion

WebAppSec/Secure Coding Guidelines (view source)

Revision as of 17:26, 2 February 2011

7 bytes removed ,  2 February 2011
→‎Uploads
Line 341: Line 341:


*Use a new filename to store the file on the OS. Do not use any user controlled text for this filename or for the temporary filename.  
*Use a new filename to store the file on the OS. Do not use any user controlled text for this filename or for the temporary filename.  
*Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org)Archives contents should be analyzed for malicious content (anti-malware, static analysis, etc)
*Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org). Archives should be analyzed for malicious content (anti-malware, static analysis, etc)


'''Public Serving of Uploaded Content'''  
'''Public Serving of Uploaded Content'''  
Mcoates
Confirmed users
491

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/281724"