I want to limit the allowed uploaded file types to images, pdfs, and docs. What is the recommended way to approach this?
I assume checking the file extension alone is not enough, since an attacked can change the file extension as he wishes.
This is basically for a course management system for students to upload assignments and teachers to download and view them.
I want to limit the allowed uploaded file types to images, pdfs, and docs. What is the recommended way to approach this?I assume checking the file extension alone is not enough, since an attacked can change the file extension as he wishes.I also thought about checking against MIME Type using PostedFile.ContentType.I still don't know if this is adding any further functionality than checking against file extensions alone, and if an attacker have and ability to change this information easily.This is basically for a course management system for students to upload assignments and teachers to download and view them.
View 2 RepliesI have a file uploader I would like to be able to have a folder added to the folder path on upload based on a textbox.text "MapPath("~/Uploads/" + Path.GetFileName(e.filename))"
I have Dim folder as String = textbox.text how do I add folder to MapPath("~/Uploads/"
it currently checks for .xml files how can I add more .doc .gif etc
Dim savePath As String = MapPath("~/Uploads/" + Path.GetFileName(e.filename)) 'Validation for file extension If Path.GetExtension(e.filename).Contains(".xml") Then Return End If
I was wondering if there is a method where i can check to see if the file that a user is uploading is either one of the following formats:
.doc
.docx
.pdf
I currently upload like so:
[Code]....
Now is there a way i can check to see if the files are of the above formats and limit the users to only be able to upload files of this format?
I am using Asp.net 3.5 framework: with prior versions i was able to inscrease by going to machine.config file
<httpRuntime
executionTimeout="90"
maxRequestLength="4096"
But with 3.5 framework, i could'nt find <httpruntime> tag in machine.config file.
I have added validation to validate if the user has chosen .doc file or not. But I want to show only .doc files by changing the "files of type to .doc" in file upload window.
View 1 RepliesHow can i filter the file in the dialog box
View 3 RepliesI was wondering if there is a method where i can check to see if the file that a user is uploading is either one of the following formats:
Quote:
.doc
.docx
.pdf
I currently upload like so:
PHP Code:
[code]....
Now is there a way i can check to see if the files are of the above formats and limit the users to only be able to upload files of this format?
I know I can use [assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)] to limit user to access disk files, now I hope to limit user to access database and web.config file, how can I do?
View 2 RepliesI'm trying to increase the execution timeout and file upload limit on my asp.net website but when i try to add
<httpRuntime
executionTimeout="110"
maxRequestLength="4096">
</httpRuntime>
i get the following errors:
Could not find schema information for the element 'httpruntime'.
Could not find schema information for the element 'executionTimeout'.
Could not find schema information for the element 'maxRequestLength'.
According to this msdn library link this is how I'm supposed to do it,so what am I missing here?
I am using the async file upload control to upload to a image file. I want the user to upload only jpg files. And for that I am checking the uploadedfile content type in server side, after the upload complets. I wanna check this, before upload starts. There is one javascript method
function startUpload(sender, args){}
but how to access the content type of the file selected by user.
i use file upload to upload file a folder. but i need to give write permission to IUSR_MACHINENAME user. Can i achieve this with different user Account Credidental?
View 2 RepliesI'm trying to do something simple but all the solutions I have read on the net do not work. I have restricted the file size limit to my uploads to 10MB in the web.config file. Now I want to show an error once a user attempts to submit a file larger than 10MB.All I get is a page cannot be displayed if the file size is too big. I have tried the following:
[code]...
I am trying to create a new user that includes a file upload. I want to write the file name to the database in a table called MemberInfo.
Here is my button code:
[Code]....
I am wondering what the best strategy is for accepeting http uploaded files on a web server in a safe way? I have access to scanning software which will quarantine suspect files, but not really sure what the best practice is for this kind of thing?This is somewhat of a pest as the form data and the uploaded file form a logical unit - the fact the files must be scanned (pottentially quarantined) means I would need some kind of callback, post upload mechanism for handling this.
Is there a preferred way (or peice of software) for handling thsi kind of thing?Happy to elaborate of anyone wants to comment or assist? I'm aware I can limit file size, file extension etc, so really just concerned about stopping viruses entering the web server and/or network. And I guess to do so in awy that allows me to interact with scanning software such that I get feedback in relatively real time??
I'm doing a project in component management system. I need to block executable files from getting uploaded. Blocking should not be based on the extensions. For example, i've a file named abc.exe i'm going to change the file extension to abc.jpg in this case that abc file should not get updated. Similar to that in gmail file attachment.
View 2 RepliesI'm doing a project in component management system. I need to block executable files from getting uploaded. Blocking should not be based on the extensions. For example, i've a file named abc.exe i'm going to change the file extension to abc.jpg in this case that abc file should not get updated. Similar to that in gmail file attachment.
View 1 RepliesIam using a file upload control for uploading files in my asp.net application. iam using the following code to impersonate the users who do not have permission for the files to upload. The code works fine for all the files, but it is not working for the files which are in desktop.
Code in .cs file:
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
//Insert your code that runs under the security context of the authenticating user here.
impersonationContext.Undo();
In web.config iam using the following:
<identity impersonate="true" />
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
I have to create a utility through which user can able to upload singh or multiple files with the use of asp.net FileUpload Server control.
I am looking for Security concern for the same. What are the points need to keep in our minds which violate security. One main issue is in my mind is related to Viruses - means
How to prompt user for viruses and terminate the upload operation How to scan files for viruses during upload operation There may be several Security risks. discuss the issues/risks with proposed solutions.
how to upload and save files to oracle database, and view file using C# .net and can upload one or more files in one webform.
View 1 RepliesI want to upload files to the web servers from the client machines.
Can i upload a file on a network share folder using file upload control?
I would like to create a share folder on a file server sitting next to the web server. If i upload the file from the network share folder instead of uploading it from the client machine does it make any difference?
Will the file be stored in a temporary location before copying to the final destination? Where will be the file stored in this case of uploading it from share folder?
I am using the File Uploader to upload files. It is working fine. But I receive the page can not be displayed when I try to upload a file>4Mb in size.
View 1 Repliesi have a dropdown listS bounded to database
i need that the strongest role- lets say admin would be able to get all the lists from the database
while other roles would be able to see/get less values
I have set Private Memory limit of 200mb in IIS 7 for an application pool. The Private Working Set memory(Task Manager) for the application is always below 125mb but the number of page faults have increased a lot and application cache is getting cleared frequently after setting the limit.
I haven't set any limit on Virtual Memory.why the cache is getting cleared even when the Private memory used is below the allocated memory?