Forums

Hi,
​
From a previous question I asked it seems that Chronoforms relies on the user to consider this but does Chronoforms have any active security built in to avoid website hacks (SQL injections etc).
​
I am concerned about how viable it would be for a visitor to upload an image or a PDF (etc), that is actually a virus, through Chronoforms and for that to be written in such a way that it will execute code once it's uploaded. It's anticipated that the upload will be Emailed alongside the completed contact form.
​
Any recommendations for doing this safely please, since i'm not a hacker, i'm also not in a great place to protect against it! We also all care about keeping client data safe and we are often legally obliged too.
​
Thanks.

Following. Interested to know this too.

Hi indieben,
​
Users have a wide range of requirements for forms. ChronoForms has some basic protections but not absolute protection.
​
There is a Joomla! class that you can use to scan file uploads if this is a concern to you. (I'm not clear from the docs if this is automatically used by Joomla! in the file upload process.)
​
Bob

Please check this:
https://stackoverflow.com/questions/5670590/can-any-of-these-files-execute-virus-on-a-server
​
Best regards

Thanks, so would you say that leaving [.extension] in place is safe enough? it's just a case of if you download it, scan it for viruses and the "safe enough" part is based on the server being set up properly? I understand that CF explicitly requires safe extensions to be specified to?
​
Thanks.