Allowed vs Restricted File Extensions  Bottom

  • **unknown user**

    Softmore
    • Rank: Softmore
    • Registered: Mar 16, 2002
    • Last visit: Oct 21, 2009
    • Posts: 186
    Link to this post Posted: Jul 04, 2005 - 04:01 AM
    I'm working on a module which will allow end users to upload files and I realized there is a security risk. For instance, a user could upload a malicious PHP script to perform nasty stuff on the server. My solution to this is to allow the administrator to enter a list of file extensions to allow, or enter a list of file extensions to block.

    I'd like to know what the other module developers think is the best way to go, and get a feel for what users would prefer.

    Thanks!
  • **unknown user**

    Softmore
    • Rank: Softmore
    • Registered: Mar 16, 2002
    • Last visit: Oct 21, 2009
    • Posts: 379
    Link to this post Posted: Jul 04, 2005 - 04:08 AM
    I'm for allowed extensions. It's much easier to say ".doc, .jpg, and .tiff" than "everything but .exe and .zip and .gzip etc etc etc," because there are a lot of extensions that would put the site at a security risk, and it's hard to keep track of all of them. Best I think to just disallow everything but a handful of special extensions.
  • **unknown user**

    Softmore
    • Rank: Softmore
    • Registered: Mar 16, 2002
    • Last visit: Oct 21, 2009
    • Posts: 395
    Link to this post Posted: Jul 04, 2005 - 07:27 AM
    i would go for a list of allowed extensions,

Users on-line

This list is based on users active over the last 60 minutes.