uploading files and security

A

Anthony Blackburn

I have a form on a page, made with FP2003, running on a server swith FP
Extensions and running IIS.

My concern is on the form, which is as www.goapple.com/order.htm, that if I
add an upload to the form, that I will open myself up to threats.

Can anyone discuss best security practices for uploading attachments on a
form?

Thanks
 
R

Ronx

For maximum security - Don't allow uploads.

Otherwise:
Use a custom written server side script (asp, PHP, Perl/CGI) supported by
your host (or adapt a script that you can find) that will restrict the file
extensions, filenames, and file sizes. Filenames should be restricted so
that names such as foo.exe.jpg are excluded. The FrontPage upload
component does not qualify here.

Only allow uploads from registered users - do not allow self-registration.
This will require a database for registered users along with the necessary
logon scripts and restricted access to pages. Always vet users before they
are placed in the database as active users.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Access 2010 Disable Microsoft Access Security Notic 3
folder properties grayed out 1
Issue uploading calendar to server 13
Attach/upload/link files to a form 3
Frontpage we site upload erro 1
connecting file upload form to server 13
Conflict between Frontpage extensions and SharePoint server 2
File upload button in FP forms 1

Top