Microsoft IIS ASP Discussions
 
LogSat
(1)
Contant
(1)
Makers
(1)
Emailaddress
(1)
Newsgroupt
(1)
Clientside
(1)
Toppost
(1)
Wether
(1)

check content type in asp

Asked By Deep
05-Nov-09 03:46 PM
Reply
Dear sir/madam
I have to make a program in asp to upload resume. But hacker is
uploading any type of file. I want he can upload only text file.
I dont want to check only its extension.
How can I do please help me.
it is urgent.

Thanks in Advance

Deep wrote on 05 nov 2009 in microsoft.public.inetserver.asp.

Evertjan. replied to Deep
05-Nov-09 03:46 AM
Reply
Deep wrote on 05 nov 2009 in microsoft.public.inetserver.asp.general:


Are you qualified to do that?
Do you want to resume an upload, or is it a résumé?


Perhaps you are not qualified, Deep?


Why? You should not want to give a hacker anything.


Contant can only be seen on the server after uploading.

Probably your best bet is just limit the length of the file.

Also define what a textfile is, if it is not defined by it is extension.


Learn to write code, try, and show us where you go wrong.
Or pay a qualified programmer.
This NG is not a helpdesk.


It is not to us.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Cut the guy some slack, this is what newsgroups are for.

Roberto Franceschetti replied to Evertjan.
09-Nov-09 09:22 PM
Reply
Cut the guy some slack, this is what newsgroups are for. There may be
someone else with the same question in the future reading this who may
find the answer useful.


Going back to the original question, it is not that simple as most upload
components probably will not be passing you the content type of the file
being uploaded. If you (rightfully so) do not want to rely on the
extension, a possible workaround is to check - let us say - the first 100
bytes of the file. If they all fall between 0x9 and 0x128 chances are
the file is a clear-text file without binary code. You may need to add
exception of other high-order bytes that may contain other characters,
but it is a start.

...Just an idea.

--
Roberto Franceschetti
LogSat Software
Makers of Spam Filter ISP
http://www.logsat.com






--
Roberto Franceschetti
LogSat Software
Makers of Spam Filter ISP
http://www.logsat.com

Roberto Franceschetti wrote on 10 nov 2009 inmicrosoft.public.inetserver.asp.

Evertjan. replied to Roberto Franceschetti
10-Nov-09 04:20 AM
Reply
Roberto Franceschetti wrote on 10 nov 2009 in
microsoft.public.inetserver.asp.general:


[Please do not toppost on usenet]


There is no "what newsgroups are for", there is only "how newsgroups came
into being" and "how newsgroupt are generally used nowadays". Both do not
cover your interpretation.

And I do not think "someone else with the same question in the future
reading" will be helped by believing that "it is urgent" is acceptable on
usenet, as if it were a paid helpdesk.

I agree to give the guy some slack, not to cut the leash.


That is not an answer to the OP's Q, Roberto,

The OP specified:


Your solution is to test such file WHEN ALREADY UPLOADED,
and then choosing wether or not to save the file serverside.

The only way the OQ can be fulfilled is to have some clientside component,
not so usefull in the case of a wizzy and nasty hacker.

It is better to exclude him/her by passwording all other users.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Previous Discussion:  sendmail finnishing
Post Question To EggHeadCafe