What is the actual security risk of zips and other archive file attachements?

Started by FractalFrank, October 13, 2017, 11:48:29 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

FractalFrank

October 13, 2017, 11:48:29 AM
Hello!
Not sure if I posted this in the right category.
Anyways:
We have repeated requests to add zip files to our allowed attachements. It makes sense from our users standpoint.
So the questions, what exactly is the security risk of zips, rars and the likes? Is it just a risk for our users, because who knows what someone uploads and hides in there?
In this case we would allow it and rely on the our users paying attention themselves (also only allow attachements for users with 10+ posts as barrier)

Or are these files also a danger for smf-system and the server?

Some more info on the "why" would be nice - going beyond the usual, don't do that, everyone knows it's dangerous.

Thanks,
Frank

edit: Ok,  I just noticed it is definitely the wrong board to post this - sorry! Please move to wherever this fits.

FractalFrank

#1
October 23, 2017, 02:57:24 AM
*bump*

is this too obvious? or does nobody know the answer?

Arantor

#2
October 23, 2017, 03:02:09 AM
It's just a risk to your users who may download without knowing what they contain. No risk to the server for the files just being there.
Print
Go Up Pages1
User actions
Advertisement: