Malicious File Upload - Restricting upload document types Hot

by Ranganath Panibhathe on June 23, 2015

Malicious File Upload - preventing the webserver from processing the file upload of executable or any other types.

  • File upload capability allows a web user to send a file from his or her computer to the webserver. If the web application that receives the file does not carefully examine it for malicious content, an attacker may be able to use file uploads to execute arbitrary commands on the server. It'll be good if there's a strict file upload policy that prevents malicious material from being uploaded via sanitization or filtering.

  • Please login to view any attachments.

  • This has been added as a capability of the file field. We do not plan to retroactively implement this against the attachment section. Because of this, and since his idea has not received many votes in 24 months since its submission, it has been closed (declined) due to insufficient support.
    David J. Easter Commented by David J. Easter June 04, 2018
    #1 Reviewer  -  

    This has been added as a capability of the file field. We do not plan to retroactively implement this against the attachment section. Because of this, and since his idea has not received many votes in 24 months since its submission, it has been closed (declined) due to insufficient support.

     

Print