What are the recommended file upload security controls in a WebSphere Portal enviroment?
We have a couple of portlets that allow users to upload files for processing. We are worried that this functionality could be abused by malicious users to launch denial of service attacks or compromise the system in other ways.
We have already set a file upload size limit for each portlet using the com.ibm.faces.MAX_REQUEST_CONTENT_SIZE parameter in the web.xml file. We have also restricted the types of files that can be uploaded by specifying the allowed file types for each file upload component (JSF - IBM Enhanced Faces).
There are concerns that these controls may be inadequate as file size and file type checks are done after the files have been uploaded/in memory.
What additional security controls should we put in place both on the client side and on the server side?
Tags
Use the search field to
find all types of content in My developerWorks with that tag.
Use the slider bar to see more or fewer tags.
Popular tags shows the top tags for this particular type of content or application that you're viewing.
My tags shows your tags for this particular type of content or application that
you're viewing.
