SMF Community Helpers > SMF Documentation Help
"Password" tips?
Yoshi:
--- Quote from: Arantor on June 15, 2012, 08:41:56 AM ---So, fix it on a conventional desktop :P Either way, it's called taking resposibility :P
--- End quote ---
I don't have one when I sneak on when I have to go to sleep......
*whistles* :P
AngelinaBelle:
Kids! Thanks for bringing it up. And thanks, Colin, for making the change.
While we're on the subject -- If we are not permitting .exe files to be uploaded or displayed -- .com or .bat files? Anyone have experience with that, or do I need to contemplate how to do that experiment safely in the interest of writing good documentation?
Arantor:
Better yet, what's the security risk of doing so?
The risk to the server is typically negligible, a .exe file is usually a Windows executable but most hosting is Linux hosting of which the risk is basically nil.
.exe files can't be directly executed through the browser unless there's some vulnerability, but that invariably requires some other exploit to be exposed and utilised to deploy that payload. The risk, then, of a .exe file being uploaded is then limited to the risk that someone will download it and run it.
Now, that risk needs to be judged by the forum admin (dear God, making admins take some responsibility) as to whether their forum members are likely to need to do so, or not. Non-technical forums have no need to do so.
In SMF's case, the list of extensions is a whitelist, not a blacklist. That means the extension must be on the approved list - if you turn the setting on. .exe is not on the default whitelist, but IIRC the attachment setting has that turned off by default.
Navigation
[0] Message Index
[*] Previous page
Go to full version