David Svoboda wrote:
5. Prevent arbitrary file upload
Assuming that there is an 'upload' facility then, in essence, how does one stop this? Presumably the recommendation relates to files that, if executed, could damage the server or another client who then downloads the file. Unless one looks in detail at the content of the file before the upload starts, then how does one know the file has potentially hazardous content? And if one can install a process on the client to check the content, then an attacker just has to replace the checker with one of his own. I would expect any checking to be done on the server (a virus checker maybe?) and that uploaded files would be ring-fenced on the server in a manner that neuters them as far as damaging the server is concerned.
Am I missing something? I suppose I will have to buy the book to find out.
I'm guessing that means not to accept at the server side random unchecked files, rather than somehow preventing them from being uploaded. So before the server-side code does anything with an uploaded file, it would perform some checks on it, possibly including running it through a virus checker.
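As an added example (not from the book or from either commenter), the server-side handling this reply describes, in Python: the uploaded bytes are checked against an allowlist of magic numbers rather than trusting the client's filename or Content-Type, size-capped, and written under a server-chosen random name into a quarantine directory that is assumed to sit outside the web root with no execute permission. The sample uploads and the size limit are constructed for the example.

```python
import os
import secrets
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

# Accepted content types, recognised by leading bytes ("magic numbers"), not by the client-supplied name or header.
MAGIC_ALLOWLIST = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"%PDF-": "pdf",
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed policy limit for this example
# Constructed sample uploads: a minimal PNG header, and a blob shaped like a PE executable.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_EXE = b"MZ" + b"\x00" * 30

@dataclass
class UploadResult:
    accepted: bool
    reason: str
    stored_as: Optional[str] = None  # server-chosen random name, never the client's filename

def sniff_type(data: bytes) -> Optional[str]:
    """Return the allowlisted type whose magic bytes prefix `data`, or None."""
    for magic, kind in MAGIC_ALLOWLIST.items():
        if data.startswith(magic):
            return kind
    return None

def fresh_quarantine_dir() -> Path:
    return Path(tempfile.mkdtemp(prefix="upload-quarantine-"))  # stands in for the ring-fenced store

def store_upload(data: bytes, quarantine_dir: Path) -> UploadResult:
    """Check an uploaded blob on the server, then store it under a name the server chose."""
    # Assumption: quarantine_dir is outside the web root and is never served with execute permission,
    # so whatever the bytes are, they cannot run as server-side code.
    if len(data) > MAX_UPLOAD_BYTES:
        return UploadResult(False, "exceeds size limit")
    kind = sniff_type(data)
    if kind is None:
        return UploadResult(False, "content type not in allowlist")
    name = f"{secrets.token_hex(16)}.{kind}"  # extension follows the sniffed type, not the client's
    # O_EXCL refuses to follow a pre-planted symlink or overwrite an existing file; mode 0600 has no exec bit.
    fd = os.open(quarantine_dir / name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return UploadResult(True, f"stored as {kind}", name)
```

A production deployment would add a virus scan of the quarantined file before anything else reads it, as the reply suggests.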
Do not store unencrypted sensitive information at client-side
I would go even further than that: "Do not store unencrypted sensitive information". Obviously, what is "sensitive" means depends a lot on the data in question, but it's already common to store passwords or credit card information in cryptographically secure ways even on the server (and indeed negligent not to do so). Depending on the context it might be wise to extend that to more data items than those in particular.