Advertisement:

Author Topic: What is the actual security risk of zips and other archive file attachements?  (Read 9668 times)

Offline FractalFrank

  • Semi-Newbie
  • *
  • Posts: 20
Hello!
Not sure if I posted this in the right category.
Anyways:
We have repeated requests to add zip files to our allowed attachements. It makes sense from our users standpoint.
So the questions, what exactly is the security risk of zips, rars and the likes? Is it just a risk for our users, because who knows what someone uploads and hides in there?
In this case we would allow it and rely on the our users paying attention themselves (also only allow attachements for users with 10+ posts as barrier)

Or are these files also a danger for smf-system and the server?

Some more info on the "why" would be nice - going beyond the usual, don't do that, everyone knows it's dangerous.

Thanks,
Frank

edit: Ok,  I just noticed it is definitely the wrong board to post this - sorry! Please move to wherever this fits.

Offline FractalFrank

  • Semi-Newbie
  • *
  • Posts: 20
*bump*

is this too obvious? or does nobody know the answer?

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,123
    • StoryBB/StoryBB on GitHub
It's just a risk to your users who may download without knowing what they contain. No risk to the server for the files just being there.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

Nothing turns to hate so bitter as what once was love.