
I'm programming a file converter. Therefore the user uploads a file, e.g. test.txt, which is then converted, and a download link is sent back to the user. For security purposes I change the name of the files as soon as they are uploaded, as is also suggested here.

Instead create files and folders with randomly generated names like fg3754jk3h

The problem starts when it comes to download. For a better UX I want the downloadable files to have the same name as the user supplied files, not a random string. At the moment I also get an error in Chrome:

<Filename> is an unusual download and may be harmful.    [translated]

I think this could also be a result of the cryptographic file names.

So my question: What is the best method to change the file names back to the original ones without having any security issues, or should I rather do a strict validation of the file names? And will this get rid of the displayed error message?

DreiDe

1 Answer

You can provide the original filename when returning the file to the user. (see Downloading a file with a different name to the stored name for a few ways of doing it)

The principle of not storing the file with its original name is to avoid a malicious user trying to upload some script to your server that he can execute. You should do it, but you should also put those files in a temporary directory that your web server has no access to.

For example:

  1. Your web server is pointing to /var/www
  2. When you receive the uploaded file, store it in /var/uploads instead of /var/www/uploads. This way, the file will never be accessible to the user (at least from the web)
  3. You save the original filename in your database
  4. You should still generate a random filename; this will avoid filename collisions (many people will upload their cute-cat.jpg images). There's no problem keeping the file extension, e.g. kr3242sd93fdsh.jpg
  5. You provide some endpoint for your user to download the file by some random string (I suggest you avoid using the same random string that you used to name the file): https://youserver.com/download?id=uoqq41jsak
  6. On your download endpoint, you define the original filename on Content-Disposition's filename attribute.
Elias Soares
  • If a user wants to download more than one file, they are zipped on the server and the zip file is then sent back. What should I do about the filenames within the .zip if I want to keep the original names? – DreiDe Jul 18 '19 at 21:39
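
Steps 3 to 6 of the answer above, as an added example that is not part of the original answer or of any framework: the stored name and the download id are separate random strings, and the original name only ever appears in the Content-Disposition header, after control characters and path components are removed. The in-memory `FILES` table and all function names are hypothetical stand-ins for a real database and request handler.

```python
import re
import secrets
import unicodedata
from urllib.parse import quote

UPLOAD_DIR = "/var/uploads"   # outside the web root, as in step 2
FILES = {}                    # hypothetical DB table: download_id -> (stored_name, original_name)

def register_upload(original_name):
    """Steps 3-5: random name on disk, a different random id for the download URL."""
    stored_name = secrets.token_hex(16)
    download_id = secrets.token_urlsafe(16)
    FILES[download_id] = (stored_name, original_name)
    return download_id

def safe_display_name(name, fallback="download"):
    """Reduce a user-supplied name to a bare file name without control characters."""
    name = unicodedata.normalize("NFC", name)
    name = re.split(r"[\\/]", name)[-1]   # drop any directory part
    # Unicode categories starting with "C" include CR, LF and other control/format chars
    name = "".join(c for c in name if unicodedata.category(c)[0] != "C")
    return name.strip(" .")[:150] or fallback

def content_disposition(original_name):
    """Step 6: ASCII fallback in filename=, full UTF-8 name in filename* (RFC 6266)."""
    name = safe_display_name(original_name)
    ascii_name = name.encode("ascii", "replace").decode().replace("?", "_")
    ascii_name = re.sub(r'["\\;%]', "_", ascii_name)   # keep the quoted-string intact
    return "attachment; filename=\"%s\"; filename*=UTF-8''%s" % (
        ascii_name, quote(name, safe=""))

def download_headers(download_id):
    """Resolve a download id to (path on disk, response headers); None if unknown."""
    entry = FILES.get(download_id)
    if entry is None:
        return None
    stored_name, original_name = entry
    headers = {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": content_disposition(original_name),
        "X-Content-Type-Options": "nosniff",
    }
    return UPLOAD_DIR + "/" + stored_name, headers
```
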