This is an absolute minefield. Something to take into consideration (not necessarily an exhaustive list, no guarantees, etc.).
- Some people use regexes for parsing, so there is no way of knowing if the file contains code. ZIP files have their directory at the end. Sun/Oracle Java PlugIn/WebStart now checks that the file starts with a ZIP local header/entry magic number to avoid "GIFAR" attacks.
- Serve from a different domain, to avoid same-origin problems.
- Serve from a different IP address, to avoid same-origin problems.
- It's a bit tricky to check if the file is exploiting, say, a 0-day buffer overflow. It might even exploit an infinite loop to create a DoS.
- It's best to re-encode the image.
- Careful with the URL/file path name. If you give an option, use whitelist checking. In particular NUL characters are "fun". See also directory traversal attacks. In general, being able to place a file of given contents at a known location is, at the least, a bit dodgy.
- For images you might want to check that the size is sane. Decompressing a huge image could well lead to a DoS. Also note that compression algorithms often allow compressing trivial data by huge factors.
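To make several of the points in that list concrete (the GIFAR/ZIP-magic check, the image size sanity check, the compression-ratio check, and the whitelisted file name), here is an added example in Python using only the standard library. It is not the poster's code and not taken from any Java plug-in: the sample GIF, the "JAR" appended to it, the pixel and ratio limits, and the file-name whitelist are all constructed here for illustration and should be treated as assumptions.

```python
"""Upload-vetting helpers for the points in the list above (added example).
Standard library only. The sample files, the size/ratio limits and the
name whitelist are constructed here and are assumptions, not page values."""
import io
import re
import secrets
import struct
import zipfile
from typing import Dict, List, Optional, Tuple

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # a real ZIP/JAR starts with a local file header
GIF_MAGICS = (b"GIF87a", b"GIF89a")
MAX_PIXELS = 25_000_000            # assumed limit: refuse before decoding anything bigger
MAX_ZIP_RATIO = 100                # assumed limit on declared:stored size
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(gif|png|zip)")  # assumed whitelist


def starts_with_zip_magic(data: bytes) -> bool:
    """The GIFAR defence: insist that an archive starts with a local header."""
    return data[:4] == ZIP_LOCAL_HEADER


def is_gifar(data: bytes) -> bool:
    """Image magic at the front AND a ZIP end-of-central-directory at the back.
    zipfile.is_zipfile only looks at the tail, which is exactly why a check on
    the head alone (or a regex) cannot see the archive hiding in an image."""
    return data.startswith(GIF_MAGICS) and zipfile.is_zipfile(io.BytesIO(data))


def hidden_zip_entries(data: bytes) -> List[str]:
    """zipfile tolerates leading junk, so the appended archive is fully readable."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def gif_dimensions(data: bytes) -> Tuple[int, int]:
    """Width/height from the logical screen descriptor, without decoding pixels."""
    if not data.startswith(GIF_MAGICS) or len(data) < 10:
        raise ValueError("not a GIF")
    width, height = struct.unpack_from("<HH", data, 6)
    return width, height


def image_size_is_sane(data: bytes) -> bool:
    width, height = gif_dimensions(data)
    return 0 < width * height <= MAX_PIXELS


def zip_ratio(data: bytes) -> float:
    """Declared uncompressed bytes per stored byte, from the central directory.
    Trivial data (a megabyte of zeros) deflates at roughly 1000:1."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        stored = sum(i.compress_size for i in infos) or 1
        declared = sum(i.file_size for i in infos)
    return declared / stored


def safe_filename(name: str) -> Optional[str]:
    """Whitelist on the user-supplied name: no NUL, no separators, no '..'."""
    if "\x00" in name or not SAFE_NAME.fullmatch(name):
        return None
    return name


def storage_name(user_name: str) -> Optional[str]:
    """Keep the user's name as display metadata only; store the bytes under a
    random name so nobody gets to choose where their content lands on disk."""
    clean = safe_filename(user_name)
    if clean is None:
        return None
    return secrets.token_hex(16) + "." + clean.rsplit(".", 1)[1]


# --- constructed samples (assumptions, not real uploads) ------------------
def make_gif(width: int, height: int) -> bytes:
    """Header + logical screen descriptor + trailer: enough for the checks above."""
    return b"GIF89a" + struct.pack("<HHBBB", width, height, 0, 0, 0) + b";"


def make_zip(entries: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def make_gifar() -> bytes:
    """Constructed GIFAR: a 1x1 GIF with a JAR-shaped ZIP appended to it."""
    return make_gif(1, 1) + make_zip({"Evil.class": b"\xca\xfe\xba\xbe"})


if __name__ == "__main__":
    gifar = make_gifar()
    print("starts like a JAR:", starts_with_zip_magic(gifar))
    print("is a GIFAR:", is_gifar(gifar), hidden_zip_entries(gifar))
    print("65535x65535 sane:", image_size_is_sane(make_gif(65535, 65535)))
    print("ratio for a MB of zeros:", round(zip_ratio(make_zip({"z": b"\0" * 1_000_000}))))
    for n in ("cat.gif", "../../etc/passwd", "cat.gif\x00.php"):
        print(repr(n), "->", storage_name(n))
```

The GIFAR sample is the interesting part: `is_zipfile` says yes and `hidden_zip_entries` lists the class file, while the head-of-file check says no, which is the whole reason the plug-in moved to requiring the local header magic at offset 0. The ratio and dimension checks read declared sizes from headers and never decode, so they are cheap to run before anything expensive happens.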