英文:
Prevent files in the public folder to be executed in nest.js
问题
我想防止用户执行公共文件夹中的文件。在我的应用中,用户可以上传任何类型的文件,例如.js,.mjs,.ts,.py或可能在Web上可用的任何其他文件。如果某些恶意用户上传任何可执行脚本文件并执行该文件,那么我的应用将会崩溃,这是我想要防止的。我该如何做到这一点?
我的文件夹结构:
- 项目
- src
- node_modules
- public
- dist
- 其他文件...
上传的文件保存在public文件夹中。
英文:
I want to prevent the users from executing the files that are in the public folder. In my app, users can upload any type of file, such as.js,.mjs,.ts, .py, or any other file that is possibly available on the web. If some malicious user uploads any executable script file and executes that file, then my app will break, which is something I want to prevent. How can I do that?
my folder structure:
- project
- src
- node_modules
- public
- dist
- other files...
The uploaded files are saved in the public folder.
答案1
得分: 1
你的应用不应在恶意脚本上传时中断,只有在上传了恶意脚本并且执行它时才会中断。只要你不对未知脚本使用exec(),你应该没问题,它只是一个文本文件,直到被执行。
英文:
Your app shouldn't break if a malicious script is uploaded, it would break if the malicious script was uploaded and then executed. So long as you don't use exec() on unknown scripts you should be fine, it's just a text file until it's executed.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论