Search code examples
node.jssecurityfile-upload

Good security measures for client image upload

I am making a clothes designer in react and node js, similar to spreadshirt

The way it works is that after a user created a custom product, the finished screenshots and the (user uploaded) images would be sent via smtp as attachments. The website owner would then download the images and recreate the product in real life. The images have to be downloaded, so I want to take good precautions that the server and website owner are not vulnerable.

I have thought of 2 ways

  1. send images as base64 (never saving it on the server itself), then making an attachment out of it. The problem with this of course is that the request limit is 50mb.
  2. temporarily save the images in a folder, than streaming them as attachments and deleting them in the end (even if the request failed for some reason)

Of course I would be checking the image type before sending (only jpg and png allowed), and the gmail itself is scanning each attachment for malware.

Would this be enough measures? Any good practices or advice? Anything I should avoid doing? Thanks in advance!

Solution

  • Your approach is generally on the right track when dealing with image uploads and ensuring security. Here are my thoughts on it:

    Method 1: Send Images as Base64 Sending images as base64 encoded strings without saving them on the server has its pros and cons:

    Pros:

    No Persistent Storage: This method avoids the need to store images on your server, reducing the risk of server storage vulnerabilities.

    Cons:

    Size Limitations: Email providers like Gmail, have attachment size limits. Base64 encoding increases the size by about 33%.

    Performance: Encoding and decoding base64 images can be resource-intensive, potentially affecting performance.

    Method 2: Temporarily Save and Stream Images Temporarily saving images and then streaming them as email attachments is a more scalable approach:

    Pros:

    Scalability: This method handles larger images more efficiently than base64 encoding.

    Performance: Streaming attachments is less resource-intensive than encoding to base64.

    Cons:

    Security Risks: Temporary storage introduces risks if not managed correctly. Ensure that: Images are stored in a secure, isolated directory. Access permissions are tightly controlled. Images are deleted promptly after processing, even in case of errors.

    Additional Best Practices:

    Input Validation and Sanitization: Validate and sanitize all uploaded images to prevent injection attacks. Only allow specific file types (JPG, PNG) and impose size limits (OWASP).

    Secure File Storage: Use a secure, isolated directory for temporary storage. Ensure that only authorized processes can access these files (NIST).

    Email Security: Use an SMTP server with strong security settings, including TLS encryption and malware scanning for attachments (Medium).

    Regular Security Audits: Conduct regular security audits and penetration testing to identify and mitigate potential vulnerabilities (OWASP).

    I'd recommend streaming with proper implementation and security measures for handling larger images efficiently and securely.

    References:

    NIST. Security and Privacy Controls for Information Systems and Organizations.

    OWASP. OWASP Secure Coding Practices.

    Medium. Navigating the Depths of SMTP Security Vulnerabilities: A Comprehensive Exploration.