Re: OT - Public Upload Security

This WebDNA talk-list message is from 2002. It keeps the original formatting.
I already have my files set up to upload, check for extension on upload, check image size and check file size but there are instances when an extension does not tell the whole story on what the file is. In other words, what security features do others use? Is what I already have what you other programmers do for security? Does anyone use 3rd party virus scanning along with this? I'm trying to block a potential security hole any way thru scripting or application.

I'm sure other people on this list have their users upload something to their system. Give your input no matter what platform. :o)

Alisha Outridge
Spec Simple, Inc.
Where the World of Design Connects...

On Friday, July 12, 2002, at 12:49 PM, Jesse Williams-Proudman wrote:

> On 7/12/02 9:12 AM, Christopher Mackay wrote:
>
>> Please post any suggestions to the list for all to see! Something
>> that could do this (we're using almost exactly the same setup --
>> WebSTAR 4.4/WebCat 3.0.7/Mac OS 9.1) would be very cool.
>
> I wrote custom upload code that checks the extension to make sure it's
> what you want it to be. Features are as follows:
>
> Features:
> Full HTTP Upload File Management System
> Upload/View/Delete Files
> Extension Checking - Allow only files you approve.
> WebCatalog Stripper - Remove WebCatalog commands from .html pages
> Fully Customizable - You get raw code you can edit.
> Correctly catches windows paths
> Correctly catches windows network share paths
>
> Cost is $200
>
> --
> Jesse Williams-Proudman || CEO
> NineWire Digital Solutions || +1.888.873.6199
> jesse@ninewire.com || http://ninewire.com
> Mac Web Hosting & Colocation || Mac Nationwide Dialup
>
> $75 Xserve Colocation Special from Your Mac ISP!
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com
> Web Archive of this list is at: http://search.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: OT - Public Upload Security (Robert Wade 2002)
  2. Re: OT - Public Upload Security (Glenn Busbin 2002)
  3. Re: OT - Public Upload Security (dale's stuff 2002)
  4. Re: OT - Public Upload Security (Alisha Outridge 2002)
  5. Re: OT - Public Upload Security (Jesse Williams-Proudman 2002)
  6. Re: OT - Public Upload Security (Christopher Mackay 2002)
  7. OT - Public Upload Security (Alisha Outridge 2002)
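An added example, not part of the original message or of any code offered on the list: one way to combine the checks discussed in this thread (reducing Windows and network-share paths to a bare file name, an extension allow-list, a size limit) with a check of the file's leading bytes, for the case where the extension does not tell the whole story. The allowed types, the size limit and the function names are assumptions.

```python
import ntpath

# Assumed policy for this sketch: the allowed extensions and the leading
# bytes ("magic numbers") a file of each type must start with.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed upload size limit


def safe_name(client_name):
    """Reduce a browser-supplied name to a bare file name.

    Some browsers send the full client path (C:\\docs\\a.gif or
    \\\\server\\share\\a.gif). ntpath treats both "\\" and "/" as
    separators, so it strips Windows, UNC and POSIX directories alike.
    """
    name = ntpath.basename(client_name.strip())
    if not name or name in (".", "..") or "\x00" in name:
        raise ValueError("unusable file name")
    return name


def check_upload(client_name, data):
    """Return (stored_name, reason); stored_name is None when rejected."""
    try:
        name = safe_name(client_name)
    except ValueError as exc:
        return None, str(exc)
    ext = ntpath.splitext(name)[1].lower()
    if ext not in MAGIC:
        return None, "extension not allowed"
    if len(data) > MAX_BYTES:
        return None, "file too large"
    # The extension is only a claim; compare it with what the bytes say.
    if not data.startswith(MAGIC[ext]):
        return None, "content does not match extension"
    return name, "ok"
```

A matching signature only shows that the file starts like the claimed type. It does not replace virus scanning, or storing uploads where the server will not interpret them as pages.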
