Website Security
hazee
05-06-2005, 06:29 PM
Hi guys!!
If a website has a file upload facility for its users, which file extensions should be blocked from upload because they can break the security of the website?
We know that if someone is able to save an .asp file on the server, then he/she can run that file as well ... and any sort of code can be written ...
Moreover, if the server supports the FSO object, then users can easily download the complete website, even the database.
Any comments ... How to restrict users?
Regards
buntine
05-06-2005, 09:48 PM
Are you using a file upload component? If so, which one? Each component has its own method of file type restriction.
You will definitely want to restrict EXE, ASP, etc. I would block everything that is not directly related to the point of the file upload facility. For example, if it's for uploading pictures, only allow JPG, GIF, PNG, and BMP.
Regards.
hazee
05-06-2005, 11:29 PM
Hi ..
I have blocked .asp, .php, .aspx, .cfml, .js, .cgi ... because all these extensions are supported by my hosting machine.
I am not using any specific component for file uploading. But as I store the file, I add the GUID and an underscore to the file name, which makes it unique and unknown to the user.
If you know of any other restriction, let us know.
It's a student/teacher assignment sending facility, so what types of files should be allowed to upload?
Any idea???
Regards and thanks.
MikeFlyer
05-07-2005, 03:03 AM
Hmmmm, actually I've made it using another technique. First, I'm choosing the extensions that will be enabled: for example, if the expected file is an image file, I'm catching JPEG, GIF and PNG only and blocking all the other files. The second thing I'm doing is renaming the file with a .jpg extension for images, whatever the extension was. That's what I'm doing; actually I don't know if it is right or wrong, but it functions so well for me.
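
The allowlist, generated-name and forced-extension ideas from this thread combined into one check, as an added example that is not part of any poster's message or code. It is written in Python for illustration; the names `SIGNATURES`, `UploadRejected`, `allowed_extension` and `stored_name` are hypothetical, the policy table is constructed for the image-upload case, and the leading-bytes check goes one step beyond the extension checks discussed above.

```python
import uuid

# Constructed policy for the image-upload case: extension -> accepted leading bytes.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".bmp": (b"BM",),
}


class UploadRejected(ValueError):
    """Raised when an upload does not match the allowlist policy."""


def allowed_extension(client_name: str) -> str:
    """Return the lower-cased extension if it is on the allowlist, else raise."""
    # Browsers may send a full client path; keep only the last component.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces on file creation, so compare
    # against the name the file system would actually produce.
    base = base.rstrip(". ")
    ext = "." + base.rpartition(".")[2].lower() if "." in base else ""
    if ext not in SIGNATURES:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    return ext


def stored_name(client_name: str, data: bytes) -> str:
    """Validate an upload and return the name to store it under."""
    ext = allowed_extension(client_name)
    # The content must start with a signature that belongs to the extension.
    if not data.startswith(SIGNATURES[ext]):
        raise UploadRejected(f"content does not look like {ext}")
    # Nothing from the client-supplied name survives except the checked extension.
    return uuid.uuid4().hex + ext
```

Because the stored name is built only from a generated identifier and an extension taken from the allowlist, a blocklist that misses one server-executable extension cannot let a script land under an executable name.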