Hey all,

I am here to try and cover all aspects of security that I can think of. The site I am currently working on will have the needed ability for users to upload a zip file, of which will be extracted to my server. They are website templates and as such an API is being used to capture screenshots. This is a very dangerous thing, and I would like to cover and protect myself as best as possible. If you have any ideas, thoughts, or suggestions on things I can do better, please let me know.


This is going to be spaghetti code, so please bare with me. Also note all of the extensions, mime types aren't listed this is just for example

validExtentions = .htm .html .gif .png .jpg .jpeg .pdf .swf .fla .doc .txt
validMime = text/html, text/gif, text/png, text/jpg, text/pdf, flash, text/doc

function mime_type
return : shell_exec : escapeshellcmd ("file -bi $temp_file")
end;

Upload Zip:
if extension is zip and mime_type is zip
allow processing
else
error: only zip files allowed


Process Zip
loop through all files in zip
if file is not valid extension or valid mime
: remove from zip
end loop;

extract remaining files to public_html/templates/$template_id directory.
notes: directory is only accesible by 1 specific external API IP (screenshot API).
My own server doesn't have rights to execute. Only write/read.
Resave zip file with invalid files ommited

capture screenshots finished, template approved- all files are removed from public directory.

----------------

So, these files are out on my server for the time it takes the user to upload the zip file and approve the template (basically).

Is there anything else I can do so that this can further be locked down? The directory will also exist at an undisclosed location. In any event that they happen to stumble acrossed it (obviously some malicious user looking for something), a 404 will simply be displayed. All IP's (unless of the API's server will find nothing but a 404).

__________________
There are No Stupid Questions. But there a LOT of Inquisitive Idiots.