ASP.NET Core supports uploading one or more files using buffered model binding for smaller files and unbuffered streaming for larger files.

Security considerations

Use caution when providing users with the ability to upload files to a server.

- Compromise networks and servers in other ways.

Security steps that reduce the likelihood of a successful attack are:

- Upload files to a dedicated file upload area, preferably to a non-system drive. A dedicated location makes it easier to impose security restrictions on uploaded files. Disable execute permissions on the file upload location.†
- Do not persist uploaded files in the same directory tree as the app.†
- Use a safe file name determined by the app. Don't use a file name provided by the user or the untrusted file name of the uploaded file.† HTML encode the untrusted file name when displaying it. For example, logging the file name or displaying in UI (Razor automatically HTML encodes output).
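The storage-location and file-name steps above, combined in one added example (not code from the original page or from the ASP.NET Core samples). The class name `UploadStore` and the `uploadRoot` parameter are assumptions; disabling execute permissions on that directory is host configuration and is not done in code here.

```csharp
using System;
using System.IO;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Hypothetical helper: stores uploads in a dedicated area under app-chosen names.
public class UploadStore
{
    private readonly string _root;
    private readonly ILogger<UploadStore> _logger;

    // uploadRoot (assumption): a dedicated directory, preferably on a non-system drive.
    public UploadStore(string uploadRoot, ILogger<UploadStore> logger)
    {
        _root = Path.GetFullPath(uploadRoot);
        _logger = logger;

        // Fail at startup if the upload area sits inside the app's directory tree.
        if (IsUnder(_root, Path.GetFullPath(AppContext.BaseDirectory)))
            throw new InvalidOperationException("Upload root must be outside the app directory tree.");
    }

    public async Task<string> SaveAsync(IFormFile file)
    {
        // The stored name is generated by the app; the client-supplied
        // name never becomes part of a file system path.
        var safeName = Path.GetRandomFileName();
        var target = Path.Combine(_root, safeName);

        // CreateNew throws instead of overwriting an existing file.
        await using (var stream = new FileStream(target, FileMode.CreateNew, FileAccess.Write))
        {
            await file.CopyToAsync(stream);
        }

        // The untrusted name is HTML encoded before it reaches the log.
        var displayName = WebUtility.HtmlEncode(file.FileName);
        _logger.LogInformation("Stored upload '{Untrusted}' as '{Safe}'", displayName, safeName);
        return safeName;
    }

    // True when path is parent itself or lies below it (case-insensitive compare).
    private static bool IsUnder(string path, string parent)
    {
        var sep = Path.DirectorySeparatorChar;
        return (path.TrimEnd(sep) + sep).StartsWith(parent.TrimEnd(sep) + sep, StringComparison.OrdinalIgnoreCase);
    }
}
```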