Attachments: What is the downside of allowing?

Started by Patrickh, September 21, 2004, 07:24:11 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Patrickh

September 21, 2004, 07:24:11 AM
What is the downside of allowing attachments?  Is it simply a matter of bandwith?  Is there a security risk to allowing attachments?  It seems it would be nice to allow members to upload their own pictures without having to find someplace to host them.

Grudge

#1
September 21, 2004, 08:04:51 AM
Bandwidth and disk space. Ensure you enable "Encrypt Attachment Names" and you will be fine.
I'm only a half geek really...

davo88

#2
May 06, 2005, 07:42:36 AM Last Edit: May 06, 2005, 07:51:23 AM by davo88
Quote from: GrudgeEnsure you enable "Encrypt Attachment Names" and you will be fine.

I don't fully understand the advantage of having attachment filenames encrypted.

The Help window says..

QuoteEncrypting attachment filenames allows you to have more than one attachment of the same name, to safely use .php files for attachments, and heightens security. It, however, could make it more difficult to rebuild your database if something drastic happened.

If you are limiting allowed extensions to txt,doc,pdf,jpg,gif,mpg,png, does it still heighten security ?


xd3vilx

#3
May 06, 2005, 08:15:17 AM
Quote from: davo88 on May 06, 2005, 07:42:36 AM
Quote from: GrudgeEnsure you enable "Encrypt Attachment Names" and you will be fine.

I don't fully understand the advantage of having attachment filenames encrypted.

The Help window says..

QuoteEncrypting attachment filenames allows you to have more than one attachment of the same name, to safely use .php files for attachments, and heightens security. It, however, could make it more difficult to rebuild your database if something drastic happened.

If you are limiting allowed extensions to txt,doc,pdf,jpg,gif,mpg,png, does it still heighten security ?



Logically It Does Heighten Security...
U Can't Prevent Virus But It Help U To Lessen The Risk...

davo88

#4
May 06, 2005, 08:56:15 AM
Maybe I should have asked "how does it heighten security?"

Ben_S

#5
May 06, 2005, 09:09:36 AM
If a hole should be found that allows someone to upload a phpscript etc, then you would be protected. Also not security related but it avoids the problem of "A file with that name already exists", which becomes common with a few thousand attachments.
Liverpool FC Forum with 14 million+ posts.

Oldiesmann

#6
May 06, 2005, 11:17:54 AM
Limiting the uploads to certain filetypes greatly reduces the chances that someone would upload a virus to your forum, because you can't do much of anything dangerous with those filetypes. Disguising a virus as a PDF document or MPG movie wouldn't do much, because the person downloading the file would have to change the extension first - most technical people know better than this, and most non-technical people wouldn't even be able to see the file extension because by default Windows is set to "Hide extensions for known filetypes".
Print
Go Up Pages1
User actions
Advertisement: