Zip extraction app Server security

a freelance programer created for me an app for decompressing zip archives. Its based purely on this javascript code - and files are not stored on server.

Zip archive can be dangerous due viruses and malwares. Do I understand it right that my server will be secure if the app is pure html/javascript? This unziping will be done throught frontend and not backend. I am not programmer so I am not sure if I do understand this right.

1 Like

I am not familiar with that particular script, but as long as your server is storing and transmitting the zip file itself and not unzipping it on the server, then I would say you are pretty safe.

However of course that still brings up the topic that you are potentially housing zip files that may have a virus on your machine and someone may inadvertently open one of those files at some point in the future. Perhaps you can run some kind of scan on them on upload?

1 Like

I will be not opening zip files. The app just help you extract zip archives and download files.
Here is an example of this app:

So how does the script know what’s inside the zip file to give you a list of files to download?

Maybe I didn’t understand you right.

Of course that javascript is somewhat opening files, but everything should be done thought internet browser and not my server. This is frontend app and not backend app.

I am not expert at this but if there are not zip files on my server then this server should be secure.

If your only concern is the server, and not your visitors, then yes, it will be secure.

If your visitors actually use a website to do something that every operating system does natively, and trust you not to

  1. steal their zip files
  2. steal the passwords to those files
  3. look at the contents of those files
  4. inject a virus of your own into said files (or if your server gets compromised, that said compromiser hasnt injected viri…)

(ALL of which are possible the moment you put a file on a website…)
Then I suppose your users can consider it “secure”. But I wouldnt.

1 Like