Results 1 to 5 of 5
  1. #1
    Join Date
    Mar 2004

    Question Is it safe to allow exe file upload to your server

    if its linux or windows?

    what are the bad sides to it.

    Testing 1.. Testing 1..2.. Testing 1..2..3...

  2. #2
    Join Date
    Feb 2003
    It depends on who you're allowing to upload and where the file is being uploaded on the server. If the file is being uploaded outside the web root and it can't be ran from a web browser then it should be fine. Otherwise I wouldn't allow some one to upload an exe on Windows or Linux. Just mainly because they could upload a virus and send people a link to your site to download it.

  3. #3
    I wouldnt allow .exe at all on windows because it could be a virus/trojen, i dont think linux would be harmed... as i recall.

  4. #4
    Join Date
    Jul 2003
    Forget all that, your server provider may not allow .exe files (to prevent pirated software "warez" to be uploaded). Check with your provider first.

    Secondly -- don't rely on extensions to determine what the file can do.

    Thirdly -- make sure your permissions are setup properly. 99% of the problems with uploading files (and security vulnerabilities) are caused by inappropriate permissions.
    In order to understand recursion, one must first understand recursion.
    If you feel like it, you can read my blog
    Signal > Noise

  5. #5
    Join Date
    May 2005
    Sydney Australia
    An executable file itself isn't necessarily a threat, unless you're providing users with some sort of execution environment. As that is unlikely, and you will likely want to ensure that it stays that way, you should pay a good deal of attention to preventing the unintentional execution of code.

    You should always treat any information generated by the user and sent to the remote server as dirty. Characters such as semi-colon should be replaced with inert equivalents before you do anything beyond storing it in a database field. Certaintly it should be done before you include it in any server generated page or step that invokes server side executables.

    The important characters are often system dependent.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts