Hi everyone,
I'm an undergraduate student working on a PHP-based open source web
application. I've come across a conceptual problem and haven't been able to
find a satisfactory solution yet. And then I realised that Mantis was
already taking care of this problem. I would like to take a page from
Mantis' book and use it in our open source application.
Let me explain the scenario in detail:
I'm working on an open source PHP web application that allows anonymous users
to upload files in various formats to the system. The file being uploaded
might be malicious or infected with a virus/malware. Hence, I need to secure
the filesystem and save it from such virus attacks.
Mantis allows the bug reporters to attach all sorts of files: images
(screenshots), zipped files, PHP, HTML files, patches etc. So, my question
is *how does Mantis secure itself from potentially dangerous files that can
be uploaded by evil users?*
I could have used some sort of trigger to immediately check the uploaded
file by calling clamscan with the file's location on a Linux machine, but
the problem is that the web application can be used on any web server on any
operating system. And hence it won't work on Windows, as the server owner
might have some other proprietary antivirus software, and it won't be
possible to add hooks for all such AV in the configuration file.
So, does Mantis have any in-built mechanism to secure the uploaded files? If
yes, I'd really appreciate it if someone can give me a brief overview or
at least hint me towards the right direction.
I hope I have been able to explain my problem. Please let me know if any
other detail is required.
Thank you,
--
Amit Shanker
Senior Undergraduate Student | Computer Science & Engineering
Indian Institute of Technology Kharagpur
Web: http://cse.iitkgp.ac.in/~ashanker
_______________________________________________
mantisbt-help mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mantisbt-help