
Tips for Uploading Files Safely and Securely And Avoiding Website Hacks

indieben, March 14 at 20:06
indieben 113
March 14 at 20:06 #384850
Hi,
From a previous question I asked, it seems that ChronoForms relies on the user to consider this, but does ChronoForms have any active security built in to avoid website hacks (SQL injections etc.)?
I am concerned about how viable it would be for a visitor to upload an image or a PDF (etc.) that is actually a virus through ChronoForms, and for that to be written in such a way that it will execute code once it's uploaded. It's anticipated that the upload will be emailed alongside the completed contact form.
Any recommendations for doing this safely, please? Since I'm not a hacker, I'm also not in a great place to protect against it! We also all care about keeping client data safe and we are often legally obliged too.
Thanks.
healyhatman 5.0
March 14 at 21:32 #384858
1
Following. Interested to know this too.
Web developer at SkySpider.com.au
I don't work for ChronoEngine but I do accept donations paypal.me/healyhatman

You can now copy+paste code from forums
GreyHead 63.3
March 15 at 10:28 #384870
Hi indieben,
Users have a wide range of requirements for forms. ChronoForms has some basic protections but not absolute protection.
There is a Joomla! class that you can use to scan file uploads if this is a concern to you. (I'm not clear from the docs if this is automatically used by Joomla! in the file upload process.)
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
admin 25.9
March 16 at 11:51 #384906
Max
If your main question got answered then please mark the answer using the button!
Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!
indieben 113
March 16 at 19:22 #384918
Thanks, so would you say that leaving [.extension] in place is safe enough? It's just a case of if you download it, scan it for viruses, and the "safe enough" part is based on the server being set up properly? I understand that CF explicitly requires safe extensions to be specified too?
Thanks.
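
An added example, not ChronoForms or Joomla! code and not written by anyone in this thread: a standalone PHP check for the kind of upload discussed above (an image or PDF with an allowed extension), combining the extension allowlist with a look at the file's actual content. The allowlist, the function name `checkUpload()` and the sample files are assumptions; it needs PHP's fileinfo extension.

```php
<?php
// Added example: a standalone check, not ChronoForms or Joomla! code.
// ALLOWED, checkUpload() and the sample files are assumptions for illustration.
const ALLOWED = [ // extension => MIME type the file content must match
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
];

function checkUpload(string $clientName, string $tmpPath): array
{
    if (strpos($clientName, "\0") !== false) {
        return [false, 'null byte in file name'];
    }
    $parts = explode('.', strtolower(basename($clientName)));
    if (count($parts) !== 2 || $parts[0] === '') {
        return [false, 'need exactly one extension']; // rejects form.php.pdf
    }
    $ext = $parts[1];
    if (!array_key_exists($ext, ALLOWED)) {
        return [false, "extension .$ext is not on the allowlist"];
    }
    // Identify the type from the bytes, not from the browser-supplied type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return [false, "content looks like $mime, expected " . ALLOWED[$ext]];
    }
    // A file that passes the type check can still carry embedded PHP.
    if (stripos(file_get_contents($tmpPath), '<?php') !== false) {
        return [false, 'PHP open tag found in content'];
    }
    // Store under a server-generated name, outside any directory that runs PHP.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed samples: a minimal PDF, and the same with a PHP tag inside.
$clean = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($clean, "%PDF-1.4\n1 0 obj\n<< >>\nendobj\n%%EOF\n");
$dirty = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($dirty, "%PDF-1.4\n<?php echo 1; ?>\n%%EOF\n");
$cases = [['form.pdf', $clean], ['form.pdf', $dirty],
          ['form.php.pdf', $clean], ['form.exe', $clean]];
foreach ($cases as [$n, $p]) {
    [$ok, $msg] = checkUpload($n, $p);
    printf("%-13s %s  %s\n", $n, $ok ? 'ACCEPT' : 'REJECT', $msg);
}
unlink($clean);
unlink($dirty);
```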