Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jun 2002
    Location
    Adirondacks
    Posts
    516
    Thanks
    4
    Thanked 4 Times in 4 Posts

    uploading file security Q

    I have a script that basically parses an orderred list of mine and splices+displays it in table format etc.
    I would like to allow visitors to upload their own txt or csv file and use their own list.
    In the past I used some generic FORM and some SOB uploaded a virus or somesuch. Naturally I took that uploading function out and reverted back to just my orderred list.

    My Q is how do you guard against such attacks?
    The list would be just football player names separated by commas.
    Is there a way to say query the uploaded file for "Peyton Manning" and if he's not there then it doesn't accept the upload?
    Just an idea, feel free to suggest other ideas

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You would need to check the file type on the server side. If its a text file then move it from the temp directory. Seems like your old upload script allowed any file type allowing the person to upload the virus.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    Regular Coder
    Join Date
    Jun 2002
    Location
    Adirondacks
    Posts
    516
    Thanks
    4
    Thanked 4 Times in 4 Posts
    how do you check file type?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •