Text only | Text with Images

Simple Machines Community Forum

Customizing SMF => Building Your Community and other Forum Advice => Topic started by: FractalFrank on October 13, 2017, 11:48:29 AM

Title: What is the actual security risk of zips and other archive file attachements?
Post by: FractalFrank on October 13, 2017, 11:48:29 AM
Hello!
Not sure if I posted this in the right category.
Anyways:
We have repeated requests to add zip files to our allowed attachements. It makes sense from our users standpoint.
So the questions, what exactly is the security risk of zips, rars and the likes? Is it just a risk for our users, because who knows what someone uploads and hides in there?
In this case we would allow it and rely on the our users paying attention themselves (also only allow attachements for users with 10+ posts as barrier)

Or are these files also a danger for smf-system and the server?

Some more info on the "why" would be nice - going beyond the usual, don't do that, everyone knows it's dangerous.

Thanks,
Frank

edit: Ok,  I just noticed it is definitely the wrong board to post this - sorry! Please move to wherever this fits.
Title: Re: What is the actual security risk of zips and other archive file attachements?
Post by: FractalFrank on October 23, 2017, 02:57:24 AM
*bump*

is this too obvious? or does nobody know the answer?
Title: Re: What is the actual security risk of zips and other archive file attachements?
Post by: Arantor on October 23, 2017, 03:02:09 AM
It's just a risk to your users who may download without knowing what they contain. No risk to the server for the files just being there.
Text only | Text with Images