Allowed vs Restricted File Extensions :: Zikula Community :: Support at your fingertips

Start [1]
Search [2]
latest posts [3]
RSS [4]
Login [5]
Register [6]

[10]
Print topic [11]
[12]

Start [13] ::
Developers Corner [14] ::
Module Development [15] ::
Allowed vs Restricted File Extensions

Moderated by:
Support [16]

[17]

Allowed vs Restricted File Extensions

[18]Posted: 04.07.2005, 21:01

[19]

rank:

Helper

registered:

October 2002

Status:

offline

last visit:

23.01.07

Posts:

192

I'm working on a module which will allow end users to upload files and I realized there is a security risk. For instance, a user could upload a malicious PHP script to perform nasty stuff on the server. My solution to this is to allow the administrator to enter a list of file extensions to allow, or enter a list of file extensions to block.

I'd like to know what the other module developers think is the best way to go, and get a feel for what users would prefer.

Thanks!
[20]
- notify mod [21]
[23]Posted: 04.07.2005, 21:08

[24]

rank:

Helper

registered:

November 2004

Status:

offline

last visit:

12.03.07

Posts:

387

I'm for allowed extensions. It's much easier to say ".doc, .jpg, and .tiff" than "everything but .exe and .zip and .gzip etc etc etc," because there are a lot of extensions that would put the site at a security risk, and it's hard to keep track of all of them. Best I think to just disallow everything but a handful of special extensions.
[25]
- notify mod [26]
[28]Posted: 05.07.2005, 00:27

[29]

rank:

Helper

registered:

November 2004

Status:

offline

last visit:

20.09.08

Posts:

401

i would go for a list of allowed extensions,
[30]
- notify mod [31]

Users online:

AllKnightAccess [33],
AmmoDump [34],
Petzi-Juist [35],
ROCOAFZ [36],
Topiatic [37],
Wendell [38],
nestormateo [39]

This list is based on the users active over the last 60 minutes.

Powered by Dizkus [40] Version 3.0

Links