Check zip attachments for disallowed extensions

Started by Thantos, December 24, 2004, 02:01:13 AM

Previous topic - Next topic

Thantos

I would like to allow my users to attach compress attachments.  This is helpful when they are posting the source code to a project.  The problem is that I want to make sure that inside the zip file there are no executables.
I would like to see the ability for the board to check the contents of the zip and if any files inside are not allowed, have it reject the file.

Thanks

[Unknown]

This is rather specialized, isn't it?  And, what if you were using Linux - binaries for it generally have no extension!

This is possible, but I would say it should be a mod, not a built in feature.

-[Unknown]

Thantos

Quote from: [Unknown] on December 24, 2004, 08:11:24 AM
This is rather specialized, isn't it?  And, what if you were using Linux - binaries for it generally have no extension!

This is possible, but I would say it should be a mod, not a built in feature.

-[Unknown]

I was thinking more along the lines of:  If you weren't allowed to upload that file type to begin with, reject.  If you'd rather it be a mod so be it :)

[Unknown]

But, see, the primary reasons for limiting attachment extensions are:
  - disallowing html code/javascript that might do malicious things when viewed.
  - discouraging the posting of certain content (but you can always rename...)
  - when encrypt filenames is off, protecting the web server from code.

So, why is it such a big deal if they post the compiled binary?  Yes, the zip will be larger (you could lower the allowed size :P) but it's no big deal.  Or, are you paranoid?  You think that if you compile it, without viewing the source, and run it... you'll be safe, but not if you run whatever they give you? (because if you viewed the source code and recompiled it anyway, it wouldn't matter.)

Sorry, this just doesn't seem like something most (say 95%) of SMF's users would use or even care about.  I'm not saying you shouldn't or can't make a mod for this, although as I said it would be a bit complicated and would only work for zips or tar.gz files without a lot of work, but again... I don't see this as a default feature.

-[Unknown]

Trekkie101

If they are posting Source Code to a project, why would they want to ruin people, then they shouldnt be a developer if all they care about if killing computersl Put them in a special group and if you trust them they wont.

Advertisement: