Potential security hole?

Post Reply

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
adawg Members Profile Find Members Posts Groupie Joined: 10 February 2003 Status: Offline Points: 42	Post Options Post Reply Quote adawg Report Post Thanks(0) Quote Reply Topic: Potential security hole? Posted: 17 April 2003 at 3:42pm
	Taken directly from one of my users: When someone tries to upload a file that is not allowed, you should just tell them that file is not allowed. If you give them the files that are allowed, then all someone has to do is masquerade his file as any of the accepted file types.

Dergal Members Profile Find Members Posts Groupie Joined: 21 January 2002 Location: United Kingdom Status: Offline Points: 67	Post Options Post Reply Quote Dergal Report Post Thanks(0) Quote Reply Posted: 18 April 2003 at 5:51am
	And do what with it? the only certain file extensions are executed / processed... so if I upload a potentially dangerous ASP script and call it .jpg it will NOT be run... (unless there is something I don't know about) Gerry

Post Reply

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum

About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.