We have an application based on Java/Servlet/JSP technology, which allows users to upload files to the server through the HTML file upload option.
But the weak point is that it allows any file to be uploaded.
This could cause a problem which may lead to malicious file execution.
Please help us in resolving this, so that we can protect our application from a malicious file execution attack.
You need to detect the file type on the server side and accept/reject based on whatever criteria you decide (file extension, etc.). It also helps to not allow executable rights on any file that is in that upload folder (chmod -x in *IX operating systems).
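As an added example (not code from this thread), here is one way to apply both suggestions from the answer above in a Java back end: accept a file only when its extension is on an allow-list and its leading bytes match that type, then store it under a server-generated name with no execute permission. The class name, method names, allow-list contents and sample bytes are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
public class UploadValidator {
    // Allow-list (an assumption for this example): extension -> leading signature bytes.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "pdf", new byte[] {'%', 'P', 'D', 'F', '-'});

    /** Returns the allowed extension, or null when the name or the content is rejected. */
    static String acceptedType(String clientName, byte[] content) {
        int dot = clientName.lastIndexOf('.');
        if (dot < 0) return null;
        String ext = clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null || content.length < magic.length) return null;
        // The content must start with the signature of the type the extension claims.
        return Arrays.equals(magic, Arrays.copyOf(content, magic.length)) ? ext : null;
    }

    /** Stores an accepted upload under a server-generated name, without execute bits. */
    static Path store(Path uploadDir, String clientName, byte[] content) throws IOException {
        String ext = acceptedType(clientName, content);
        if (ext == null) throw new IOException("upload rejected: type not allowed");
        // Never reuse the client's file name: it can carry path segments or double extensions.
        Path target = uploadDir.resolve(UUID.randomUUID() + "." + ext);
        Files.write(target, content);
        if (Files.getFileStore(target).supportsFileAttributeView("posix")) {
            // Same effect as chmod 600: owner read/write only, no execute bit for anyone.
            Files.setPosixFilePermissions(target, PosixFilePermissions.fromString("rw-------"));
        }
        return target;
    }
    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("uploads"); // stand-in for a directory outside the web root
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0}; // constructed sample
        byte[] jsp = "<%= 1 %>".getBytes(); // constructed sample: JSP source text
        System.out.println(acceptedType("photo.png", png)); // allowed extension, matching content
        System.out.println(acceptedType("shell.jsp", jsp)); // extension not on the allow-list
        System.out.println(acceptedType("shell.png", jsp)); // allowed extension, content is not a PNG
        System.out.println(store(dir, "photo.png", png));   // stored under a generated name
    }
}
```

In a servlet, the bytes would come from the uploaded part, and the upload directory should sit outside the web application root so the container never interprets stored files as JSPs.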