We need to investigate what kind of security we need around uploaded mod files. We should be rejecting any files that have file names that could cause sql injection or any other problems from being uploaded. We then need a way to scan the jar/mod files uploaded to make sure that they don't contain malicious code so that we don't end up redistributing them.
Few Ideas:
1) Limit file size
2) Scan Jars for Malicious content
3) Files should be served from the top domain so https://site/files/file. We shouldn't use subdomains.
We need to investigate what kind of security we need around uploaded mod files. We should be rejecting any files that have file names that could cause sql injection or any other problems from being uploaded. We then need a way to scan the jar/mod files uploaded to make sure that they don't contain malicious code so that we don't end up redistributing them.
Few Ideas: 1) Limit file size 2) Scan Jars for Malicious content 3) Files should be served from the top domain so https://site/files/file. We shouldn't use subdomains.
https://docs.djangoproject.com/en/1.7/ref/models/fields/#file-upload-security https://docs.djangoproject.com/en/1.7/topics/security/\ http://coffeeonthekeyboard.com/best-basic-security-practices-especially-with-django-697/