Showing results for 
Show  only  | Search instead for 
Did you mean: 

File Attachement for Developers Board



We are working on the possibility for our members to upload various types files in our community. It will be specifically on a board for developers. Our concern is about the security level in sending the following types: .json, .xml, .htm, .html, .js, .php, .py, .ts - scripts bat ps1 sh - all the c# types and c++ types, etc...


Do you guys have any suggestion about the best policy to avoid security issues for us and our members? Would it be better to only allow zip files instead of all these ones? Or is it too dangerous? Thanks

2 Replies 2

You'd have to alter the whitelist to allow those mime-type / extensions. File security on the server isn't really an issue you need to worry about, you should just assume the server will run through various checks to satisfy the file doesn't impose any security problems. The problem comes when downloading the files, browsers and operating systems are particularly paranoid when it comes to downloading Javascript and other "script" looking files.  For code snippets, you could always use the </>   insert code function or alternatively link directly to the files via a share link or a GitHub might be advisable. Zipping the files would help make the process more manageable (only having one file), however, local virus and malware software love scanning zip files and might complain about potential scripts within the zip.


Founder @hinterlands

@cblownThanks for your advice! It is very helpful. I was more inclined towards only adding .zip file type in the white list. But it seems that it is not the best direction to take.

Welcome to the Technology board!

Curious about our platform? Looking to connect on social technology? You've come to the right place!

Are you a Khoros customer? For direct assistance from our Support team, please visit the Support Forum.