Security :: File Upload And Virus Scanning?
May 14, 2010
I am wondering what the best strategy is for accepeting http uploaded files on a web server in a safe way? I have access to scanning software which will quarantine suspect files, but not really sure what the best practice is for this kind of thing?This is somewhat of a pest as the form data and the uploaded file form a logical unit - the fact the files must be scanned (pottentially quarantined) means I would need some kind of callback, post upload mechanism for handling this.
Is there a preferred way (or peice of software) for handling thsi kind of thing?Happy to elaborate of anyone wants to comment or assist? I'm aware I can limit file size, file extension etc, so really just concerned about stopping viruses entering the web server and/or network. And I guess to do so in awy that allows me to interact with scanning software such that I get feedback in relatively real time??
View 1 Replies
Similar Messages:
Jun 29, 2010
We are going to start accepting resumes online but I need to know if the uploaded files will be virus scanned before I park them into the database. I thought this would be a server thing but the server admin and the security guy both said they didn't know. We already have a firewall and antivirus software, I just want to know how things work with native ASP.Net controls and not a product to try.
View 2 Replies
Nov 22, 2010
I have a requirement where i need to check the virus of a file when uploading file to server. Actually we don't know what type of files user uploads, he may upload a word doc which has virus. So inorder to protect server i need to write a program which should in rejecting the file which has virus.
View 3 Replies
Jul 20, 2010
I am developeing a site, in that I need to give contact us page , I need to get details visitor input in the fields, comments then generate a email and sent it to admin of the website.
here i have a doubt if some body type any thing which can be run or harm to machine or server website runing on. what we can do in such case. how do we trace any thing harmful input streams ?
View 1 Replies
Jan 24, 2011
One our customer complaint about HYH virus storing form authentication user credentials in clear text in his local system. Customer is accessing website through internet explorer. Is any preventing measure we can take in website or Code level?More details on Website1) Hosted in IIS 6.02) Windows Server 2003 Operating System ) Written in ASP & ASP.net combination
View 1 Replies
Jan 13, 2010
I am using the async file upload control to upload to a image file. I want the user to upload only jpg files. And for that I am checking the uploadedfile content type in server side, after the upload complets. I wanna check this, before upload starts. There is one javascript method
function startUpload(sender, args){}
but how to access the content type of the file selected by user.
View 5 Replies
Feb 15, 2010
i use file upload to upload file a folder. but i need to give write permission to IUSR_MACHINENAME user. Can i achieve this with different user Account Credidental?
View 2 Replies
May 18, 2010
I am trying to create a new user that includes a file upload. I want to write the file name to the database in a table called MemberInfo.
Here is my button code:
[Code]....
View 1 Replies
Jun 14, 2010
I want to limit the allowed uploaded file types to images, pdfs, and docs. What is the recommended way to approach this?
I assume checking the file extension alone is not enough, since an attacked can change the file extension as he wishes.
This is basically for a course management system for students to upload assignments and teachers to download and view them.
View 5 Replies
Apr 6, 2010
I'm doing a project in component management system. I need to block executable files from getting uploaded. Blocking should not be based on the extensions. For example, i've a file named abc.exe i'm going to change the file extension to abc.jpg in this case that abc file should not get updated. Similar to that in gmail file attachment.
View 2 Replies
Feb 28, 2010
I'm doing a project in component management system. I need to block executable files from getting uploaded. Blocking should not be based on the extensions. For example, i've a file named abc.exe i'm going to change the file extension to abc.jpg in this case that abc file should not get updated. Similar to that in gmail file attachment.
View 1 Replies
Jun 16, 2010
I want to limit the allowed uploaded file types to images, pdfs, and docs. What is the recommended way to approach this?I assume checking the file extension alone is not enough, since an attacked can change the file extension as he wishes.I also thought about checking against MIME Type using PostedFile.ContentType.I still don't know if this is adding any further functionality than checking against file extensions alone, and if an attacker have and ability to change this information easily.This is basically for a course management system for students to upload assignments and teachers to download and view them.
View 2 Replies
Jan 6, 2011
Iam using a file upload control for uploading files in my asp.net application. iam using the following code to impersonate the users who do not have permission for the files to upload. The code works fine for all the files, but it is not working for the files which are in desktop.
Code in .cs file:
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
//Insert your code that runs under the security context of the authenticating user here.
impersonationContext.Undo();
In web.config iam using the following:
<identity impersonate="true" />
View 3 Replies
Feb 11, 2011
I have to create a utility through which user can able to upload singh or multiple files with the use of asp.net FileUpload Server control.
I am looking for Security concern for the same. What are the points need to keep in our minds which violate security. One main issue is in my mind is related to Viruses - means
How to prompt user for viruses and terminate the upload operation How to scan files for viruses during upload operation There may be several Security risks. discuss the issues/risks with proposed solutions.
View 1 Replies
Feb 8, 2011
how to upload and save files to oracle database, and view file using C# .net and can upload one or more files in one webform.
View 1 Replies
Aug 6, 2010
I want to upload files to the web servers from the client machines.
Can i upload a file on a network share folder using file upload control?
I would like to create a share folder on a file server sitting next to the web server. If i upload the file from the network share folder instead of uploading it from the client machine does it make any difference?
Will the file be stored in a temporary location before copying to the final destination? Where will be the file stored in this case of uploading it from share folder?
View 1 Replies
Dec 10, 2010
I am using the File Uploader to upload files. It is working fine. But I receive the page can not be displayed when I try to upload a file>4Mb in size.
View 1 Replies
Aug 25, 2010
Server Error in '/' Application. Access to the path 'c:InetpubEnewsAttFilesemploy-e-header2.jpg' is denied. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.UnauthorizedAccessException: Access to the path 'c:InetpubEnewsAttFilesemploy-e-header2.jpg' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
View 6 Replies
Jun 8, 2010
I am making a document management system in which user has to save documents. I don't want the user to browse and select the document and then upload it. I just want them to scan it there and then save it. So i guess I will have to interface a scanner. how I can do it in asp .net web application.
View 4 Replies
Apr 1, 2012
i have problem in uploading 2gb video file using file upload control in asp.net, i have limit the maximum file size in web config file then also it shows error any remedy for that...
View 1 Replies
May 14, 2012
I want to upload a file without using the file upload control in asp.net.
View 1 Replies
Jun 10, 2010
I have generated a barcode image through my web application and then gets it print out but that printed barcode image is not recognized by a laser barcode scanner ,below is the code which I used for generating barcode image
int BarCodeFontSize = Convert.ToInt32(ConfigurationManager.AppSettings["barCodeFontSize"]);
View 4 Replies
Mar 30, 2010
I want to create an webbased application , in wich i want to add functionality for scanning. And i also want to ocr scanned document, how can i do this in asp.net ?
View 2 Replies
Sep 24, 2010
I have a file upload control on my page with a regular expression validator that handles the file format.
Users can upload files but I want the maximum WIDTH size to be 500px.
If any bigger I need to show a message advising the width is to great and stops them.
View 3 Replies
Jul 15, 2010
Im using a file uploader to upoad files to a folder used for upload.But the problem is this folder is a linux folder. I have made it a shared folder so that I can access from windows by samba. So, file transfer is successful when I'm using os but when I try to upload something from my websites uploader to this folder, this process is not successful. I have given all permissions to this folder.Don't know whats the problem.I have used both type of slashes for directory but still it is not successful.
View 4 Replies