Protecting a Web Application Against Attacks Through HTML Shared Files
A new whitepaper 'Protecting a Web Application Against Attacks Through HTML Shared Files' discusses the risks of user uploaded HTML files. You'll notice this paper claims to have a 'patent pending' for the concept of splitting user uploaded files to another domain with a unique identifiers.
"Many Web applications have a file-sharing feature that allows Web users to share files by
uploading them to, and downloading them from, a Web-accessible file repository. Shared files
may include HTML files and other files containing scripts that are executed by the browser in
the security context of the user that downloads the file. This opens the door to a range of crossuser
attacks, including attacks by former users and even attacks by a user of a virtual application
instance against a different virtual instance of the same application. Such attacks are in essence
XSS attacks, but the usual defenses against XSS are typically not available, because shared files
cannot be sanitized.
This paper proposes a countermeasure that Web applications can use against attacks through
HTML shared files, without sanitizing those files. The countermeasure leverages the sameorigin
policy by the use of carefully tailored hostnames for serving user files and application
pages, including two different hostnames for downloading a shared file, linked by a redirection
step. Authentication is achieved by the use of different cookies for shared files and application
pages, and ephemeral file-retrieval sessions."
Paper Link: http://www.pomcor.com/whitepapers/file_sharing_security.pdf
Comments
You can follow this conversation by subscribing to the comment feed for this post.
All Comments are Moderated and will be delayed!
Post a comment