If I had to do this, I would be extremely cautious...

I would be doing an antivirus scan on the upload and, if at all possible, not persisting as a file in the filesystem anywhere; you don't want to accidentally leave an infected file lying around anywhere.

I would also wrap layers of security around its availability. Only trusted users can do the upload, ones that have undergone some sort of verification. And definitely no guest access whatsoever.

I'd have clearly defined limits on upload sizes. If the file(s) need to be processed in-memory to avoid file persistence and OS corruption, this will further constrain your upload capacity.

Speaking of which, you also want to have runtime limits to ensure that the number of folks uploading/comparing at one time can be throttled and managed; you don't want 1,000 people uploading 10 meg files as you will quickly clip through all available resources.

Even if you got this all squared away, I'd still like to see some way to "sandbox" the whole thing, some sort of disposable VM or container that would deal with the upload in complete isolation and one that could be discarded after the comparison was complete.

I'm sure this sounds super-paranoid, but I feel it is just a reflection of the world as it truly is. Fortunately hackers with the skillz to turn this into an attack vector are going to be few and far between, but they are out there.

Just look at Equifax and the general sh*tstorm raining down on them right now, and they never offered anyone the ability to upload a file at all.

It's a reality of the internet that we live on, and regardless of how useful this feature might seem, you will need to wrap this in so many layers of security just to protect your assets.










Come meet me at 2017 LSNA!