Markie
Posts: 251
|
| Posted: 08/07/2007, 11:37 AM |
|
I'm thinking of building an external storage system. My clients can upload files to the server (and download them whenever needed). I'm aware of the risks. Somebody can upload an executable (like a .pif, .cmd, .exe etc.) which turns out to be a virus or trojan. I want to prevent that.
Is it possible to make a 'download only' option for the uploaded files ?
Thanks,
Mark
_________________
The Netherlands, GMT+1
Tools: CCS 5.1, Windows 7, Navicat, Ultraedit
Local server: XAMPP with Apache, php and MySQL
Webserver: Windows 2008 IIS 7, php and MySQL |
 |
 |
mamboBROWN
Posts: 1713
|
| Posted: 08/07/2007, 3:25 PM |
|
Markie
Yes it is possible to make a 'download only' iption for the uploaded files.
All you have to do is create a field for the uploaded file that sets the status of whether or not the file is downloadable. When you display the downloadable files simply exclude the files that have the status of 'No'.
|
|
|
|
nottheusual_one
Posts: 1
|
| Posted: 08/08/2007, 2:38 PM |
|
Assuming that it is a *nix box, you just need to set the permissions on the file when uploaded to be "not executable". Then, it won't matter what type of file is uploaded, as it can't be executed by anybody.
_________________
++ Just in my opinion, which, when presented with a $1 bill, gets you a cup of coffee at the corner store++ |
|
|
|
wkempees
|
| Posted: 08/08/2007, 2:48 PM |
|
Just a stupid question:
Did you see the properties of the FileUpload component, it has file patterns
to include as well as file patterns to exclude.
Simply exlude *.exe;*.com; and any extension considered to be excluded.
Or did I totaly misread your post Marky?
Walter
"Markie" <Markie@forum.codecharge> schreef in bericht
news:546b8bc00d2188@news.codecharge.com...
> I'm thinking of building an external storage system. My clients can upload
> files
> to the server (and download them whenever needed). I'm aware of the risks.
> Somebody can upload an executable (like a .pif, .cmd, .exe etc.) which
> turns out
> to be a virus or trojan. I want to prevent that.
>
> Is it possible to make a 'download only' option for the uploaded files ?
>
> Thanks,
>
> Mark
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.yessoftware.com/
>
|
|
|
|
Markie
Posts: 251
|
| Posted: 08/09/2007, 2:13 AM |
|
Thanks you all !
nottheusual_one solved my solution. I did'nt mean to prevent uploading exe files etc. I just want to avoid that they are executable (security factor). As far as I'm concerned my clients can upload exe files, com files etc.
I found more information at: http://www.uno-code.com/?q=node/93
_________________
The Netherlands, GMT+1
Tools: CCS 5.1, Windows 7, Navicat, Ultraedit
Local server: XAMPP with Apache, php and MySQL
Webserver: Windows 2008 IIS 7, php and MySQL |
|
|
|
|
