In short, I have a webpage which allows people to upload a file to my website and then displays a link to whatever they've uploaded.
The uploaded allows any file type to be uploaded, and stores it in a public folder named 'uploads'.
I can foresee a lot of security risks posed by this. For example, if the user uploads a HTML file, it is rendered as a webpage when opened - they could have redirects to viruses in this, etc.
I want the site to be as open as possible - and I like the fact that the uploader allows users to add webpages to my site. However, I need it to be safe and secure for users (and me).
How can I make the site as open as possible (allowing users as much freedom as possible) without being vulnerable to hackers?
There are multiple things you need to consider, select which ever suits your software needs: