  1. #1
    SitePoint Enthusiast
    Join Date
    Jun 2005
    Posts
    81
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Upload site: which file extensions need to be blocked?

    Hello, I'm making a site where users can upload their files. I wasn't really planning on using any restrictions on the extensions allowed, but I know that I should block some extensions.
    At the moment the only thing that happens is that when someone uploads a .php file, .txt is automatically added. What else should I do to be safe?

    Thanks

  2. #2
    Mittineague
    Programming Team
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,024
    Mentioned
    187 Post(s)
    Tagged
    2 Thread(s)

    blocking file types

    Rather than decide what file types should be blocked, it might be better to decide what file types are to be allowed. I think you may have to upload the files to a temp file and then determine their filetype. I wouldn't base your screening procedure on only the extension.
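
The allow-list approach suggested in the reply above, sketched as an added example (not code from any poster in this thread): the file is first saved to a temp location, its type is determined from its leading bytes, and the claimed extension must agree with that type. The allowed types, function names and sample bytes are assumptions made for the illustration.

```python
import os
import tempfile

# Assumed allow-list: type -> (leading byte signatures, extensions accepted for it)
ALLOWED = {
    "png":  ((b"\x89PNG\r\n\x1a\n",), {".png"}),
    "jpeg": ((b"\xff\xd8\xff",), {".jpg", ".jpeg"}),
    "gif":  ((b"GIF87a", b"GIF89a"), {".gif"}),
    "pdf":  ((b"%PDF-",), {".pdf"}),
}

def sniff_type(head: bytes):
    """Return the allow-listed type whose signature starts the content, else None."""
    for kind, (prefixes, _exts) in ALLOWED.items():
        if head.startswith(prefixes):
            return kind
    return None

def check_upload(client_name: str, temp_path: str):
    """Screen a file already written to a temp path. Returns (accepted, detail)."""
    with open(temp_path, "rb") as fh:
        head = fh.read(16)
    kind = sniff_type(head)
    if kind is None:
        return False, "content is not an allowed type"
    # Only the final extension counts, and it must agree with the detected content.
    ext = os.path.splitext(os.path.basename(client_name))[1].lower()
    if ext not in ALLOWED[kind][1]:
        return False, f"extension {ext or '(none)'} does not match {kind} content"
    return True, kind

if __name__ == "__main__":
    # Constructed samples: (client file name, first bytes of the upload)
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),  # allowed
        ("page.php", b"<?php echo 1; ?>"),                  # type not on the list
        ("notes.php.txt", b"<?php echo 1; ?>"),             # renamed, still refused
        ("report.pdf", b"GIF89a" + b"\x00" * 10),           # extension and content differ
    ]
    for name, data in samples:
        tmp = tempfile.NamedTemporaryFile(delete=False)
        tmp.write(data)
        tmp.close()
        print(name, check_upload(name, tmp.name))
        os.unlink(tmp.name)
```

A matching signature only shows how the file starts; bytes after the header are not inspected here.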

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    Italy
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try to gzip it.
    If you have to include it in a web page, check that the included file is from your server to avoid directory traversal attacks, sanitize it and put it in a textarea to avoid any malicious script.