File Spoofing?
Hello again,
You got to be kidding me right? I am going to assume you're not.

By spoofing, you mean taking an EXE file and giving it a JPG extension, right? So what happens when you do something like the following when a file is spoofed?

<img src="spoofedFile.JPG">

My first thought is that it would show a box with an X through it. That is at least what happens when a JPG cannot be found.

My biggest question is how do you tell a file is spoofed upon uploading it? How is that prevented?

The more I learn about securing a website, the more I hate hackers. The worst thing is I bet the majority of programmers do not even take measures to secure a website like this.

Thanks again for any information you can provide me with. If there was a security class in my area, I would definitely take that. For now, this is the best I got so I really appreciate it.

Sincerely,
Travis Walters
admin@codebuyers.com

Last edited by twalters84; 01-15-2008 at 01:48 PM.
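One way to check for the mismatch asked about above is to compare the extension an upload claims against the leading "magic" bytes of its content. This is an added example, not code from the thread; the function names, the allow list and the sample byte strings are assumptions constructed for illustration.

```python
import os

# Leading "magic" bytes for the image types an upload form might accept.
SIGNATURES = {
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "png": [b"\x89PNG\r\n\x1a\n"],
}
# Extensions mapped to the content type each one claims.
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png"}


def sniff_type(data: bytes):
    """Return the image type the leading bytes indicate, or None."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None


def check_upload(filename: str, data: bytes):
    """Return (accepted, reason) for an upload given its name and content."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXTENSIONS.get(ext)
    if claimed is None:
        return False, "extension not on the allow list"
    actual = sniff_type(data)
    if actual is None:
        # "MZ" is the header of a Windows executable (EXE/DLL).
        if data.startswith(b"MZ"):
            return False, "content is a Windows executable"
        return False, "content is not a recognised image"
    if actual != claimed:
        return False, f"extension says {claimed}, content is {actual}"
    return True, "ok"


# Constructed sample uploads (not real files).
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "spoofedFile.JPG": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16,
    "banner.jpg": b"GIF89a" + b"\x00" * 16,
    "tool.exe": b"MZ\x90\x00" + b"\x00" * 16,
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        print(name, check_upload(name, content))
```

A matching signature only shows that the file starts like an image, so this check complements, rather than replaces, storing uploads where the server will not execute them.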
So you are saying that we should not even accept JPG/GIF files to be uploaded?
__________________
Funny Media Blog
Another Good Article
Hey there,
I found another good article here: Application Security with Coldfusion

The part that I found very interesting and is related to our latest discussion is the following:

Quote:

However, I wonder if I created a separate directory just for uploads if that would solve the problem. I am wondering maybe if there is a way to make everything non-executable in that folder somehow?

Sincerely,
Travis Walters
Some Documentation
Hello again,
For other ColdFusion developers, I found a few things that are quite useful.

This feature is undocumented in ColdFusion 7 but it works: Script Protection Attribute in Cfapplication

It does not protect against all XSS attacks, but it's better than nothing.

The Adobe Coldfusion Security Center also has some nice information: Adobe Coldfusion Security Center

Hope this helps other developers.

Sincerely,
Travis Walters