What is the main security risk when a web application allows users to upload files without any restrictions?
Think about what happens if harmful code is hidden inside uploaded files.
Allowing unrestricted file uploads can let attackers upload harmful files that run code on the server, leading to serious security breaches.
Which method is most reliable to check the true type of an uploaded file?
File extensions and MIME types can be easily changed or faked.
Inspecting the file's content or magic number signature is the most reliable way to verify the true file type because it looks at the actual data, not just labels.
What is the security benefit of configuring the server to disable script execution in directories where files are uploaded?
Think about what happens if a malicious script is uploaded and the server runs it.
Disabling script execution in upload directories stops attackers from running harmful scripts they upload, reducing the risk of server compromise.
How does setting a maximum file size limit for uploads improve security?
Consider what happens if attackers upload huge files repeatedly.
Limiting file size helps prevent attackers from overloading the server with large files, which can cause denial-of-service by exhausting storage or memory.
Which combination of measures provides the strongest protection against malicious file uploads?
Think about combining multiple layers of defense rather than relying on just one.
Combining file extension checks, size limits, and disabling script execution creates multiple barriers that reduce the chance of malicious files causing harm.