[OWASP-BLR][Owasp-world] Securing file upload

USMAN HAMEED /RTGWT/INFOTECH/BKC USMAN.HAMEED at 3i-infotech.com
Thu Aug 18 00:55:04 EDT 2005


I am using a .NET application, in which there is a feature
to upload files (.doc .xls) onto the server. How do I ensure
that the end user is uploading only permitted file type(s) &
not files containing any malicious code which can lead to
the compromise of the server? Please suggest security
measures that should be taken to avoid any such unwanted
upload.
 
 
 
Regards
 
Usman
 
 
-- 


"This e-mail message may contain confidential, proprietary or legally privileged information. It 
should not be used by anyone who is not the original intended recipient. If you have erroneously 
received this message, please delete it immediately and notify the sender. The recipient 
acknowledges that ICICI Bank or its subsidiaries and associated companies,  (collectively "ICICI 
Group"), are unable to exercise control or ensure or guarantee the integrity of/over the contents of the information contained in e-mail transmissions and further acknowledges that any views 
expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of ICICI Group.Before opening any attachments please check them for viruses and defects." 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20050818/7452f887/attachment.html 


More information about the Owasp-bangalore mailing list