Khoros Atlas Logo

Valued Contributor
Valued Contributor

File Attachement for Developers Board

Hi  

 

We are working on the possibility for our members to upload various types files in our community. It will be specifically on a board for developers. Our concern is about the security level in sending the following types: .json, .xml, .htm, .html, .js, .php, .py, .ts - scripts bat ps1 sh - all the c# types and c++ types, etc...

 

Do you guys have any suggestion about the best policy to avoid security issues for us and our members? Would it be better to only allow zip files instead of all these ones? Or is it too dangerous? Thanks

2 Replies 2
Honored Contributor
Honored Contributor

Re: File Attachement for Developers Board

You'd have to alter the whitelist to allow those mime-type / extensions. File security on the server isn't really an issue you need to worry about, you should just assume the server will run through various checks to satisfy the file doesn't impose any security problems. The problem comes when downloading the files, browsers and operating systems are particularly paranoid when it comes to downloading Javascript and other "script" looking files.  For code snippets, you could always use the </>   insert code function or alternatively link directly to the files via a share link or a GitHub might be advisable. Zipping the files would help make the process more manageable (only having one file), however, local virus and malware software love scanning zip files and might complain about potential scripts within the zip.

HTH



Reply
Loading...
Highlighted
Valued Contributor
Valued Contributor

Re: File Attachement for Developers Board

@cblownThanks for your advice! It is very helpful. I was more inclined towards only adding .zip file type in the white list. But it seems that it is not the best direction to take.

0 Kudos
Reply
Loading...