Our web-developers have a project that requires accepting file-uploads. What should I ensure is covered?
Solution 1:
You need to look out for:
- Maximum file size. This can be done by the web developers in many cases.
- Permissions. Do you want each user to have their own (virtual or real) folder that nobody else can see?
- Do you want users to be able to delete files they have uploaded, or even see them? They should probably be able to verify what files they uploaded at the very least.
- Do you want to enable users to download files as well as upload? This may be tricky to implement depending on your setup.
- Make sure that the uploads folder does not allow them to go up the directory tree.
- Will you limit files by extension or other criteria? You want to make sure you don't set up a "warez server" inadvertently. I know this is for logged in users, but any security can be broken in some way.
This is all I can think of at the moment to look out for.
Solution 2:
One big thing to watch out for is the max file size you want to allow. Make sure your server is configured to allow the upload of files big enough for your requirements.
Also, I highly recommend the target folder for the upload to be outside of your application's root folder structure.