Author Topic: What is the actual security risk of zips and other archive file attachements?  (Read 10240 times)

Offline FractalFrank

  • Semi-Newbie
  • *
  • Posts: 20
Not sure if I posted this in the right category.
We have repeated requests to add zip files to our allowed attachements. It makes sense from our users standpoint.
So the questions, what exactly is the security risk of zips, rars and the likes? Is it just a risk for our users, because who knows what someone uploads and hides in there?
In this case we would allow it and rely on the our users paying attention themselves (also only allow attachements for users with 10+ posts as barrier)

Or are these files also a danger for smf-system and the server?

Some more info on the "why" would be nice - going beyond the usual, don't do that, everyone knows it's dangerous.


edit: Ok,  I just noticed it is definitely the wrong board to post this - sorry! Please move to wherever this fits.

Offline FractalFrank

  • Semi-Newbie
  • *
  • Posts: 20

is this too obvious? or does nobody know the answer?

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 73,189
It's just a risk to your users who may download without knowing what they contain. No risk to the server for the files just being there.
No good deed goes unpunished
All helpful urges should be circumvented