RE: limiting Malicious uploaded file types

Wed, 23 Aug 2000 13:06:37 -0700 

Unfortunately not. It is a web collaboration tool, so we want to permit
people to exchange anything they want, without risking security.

Someone here suggested zipping/unzipping them on the fly, but that seems
klunky.

Jim

-----Original Message-----
From: Kevin Schmidt
To: [EMAIL PROTECTED]
Sent: 23/08/00 5:00 PM
Subject: Re: limiting Malicious uploaded file types

Jim,

Do you know the types of files that are going to be uploaded: IE .doc,
.gif,
etc.
----- Original Message -----
From: "Milks, Jim" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 23, 2000 2:40 PM
Subject: limiting Malicious uploaded file types


> Hi all,
> I am in the process of coding a site on which users can upload files
for
> collaboration. I need to limit the file types that can be uploaded for
> obvious security reasons, and am curious if anyone has encountered
this
type
> of situation. I have found a way of determining this after the file is
> uploaded (maybe there is a CFX??), at which point I delete it, but
what I
am
> really interested in is which type of files I should exclude.
>
> So far, I have figured on these:
> .cfm, .asp, .vbs, .exe, .js
>
> Also, should I be concerned about EXE is I do not permit a file type
that
> could execute it? (such as cfm) If I do not have anything like JRun on
the
> server, need I be concerned with .jsp files?
>
> Lastly, what is a .dbm file? I have seen this MIME type on CF powered
sites
> before.
>
> Thanks,
>
> JM
>
------------------------------------------------------------------------
--
----
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
or
send a message to [EMAIL PROTECTED] with 'unsubscribe'
in
the body.
>

------------------------------------------------------------------------
------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to