Tips for Uploading Files Safely and Securely And Avoiding Website Hacks

indieben 14 Mar, 2019

From a previous question I asked, it seems that Chronoforms relies on the user to consider this, but does Chronoforms have any active security built in to avoid website hacks (SQL injections etc.)?

I am concerned about how viable it would be for a visitor to upload an image or a PDF (etc.) that is actually a virus through Chronoforms, and for that to be written in such a way that it will execute code once it's uploaded. It's anticipated that the upload will be emailed alongside the completed contact form.

Any recommendations for doing this safely please? Since I'm not a hacker, I'm also not in a great place to protect against it! We also all care about keeping client data safe and we are often legally obliged to.

GreyHead 15 Mar, 2019
Hi indieben,

Users have a wide range of requirements for forms. ChronoForms has some basic protections but not absolute protection.

There is a Joomla! class that you can use to scan file uploads if this is a concern to you. (I'm not clear from the docs if this is automatically used by Joomla! in the file upload process.)

indieben 16 Mar, 2019
Thanks, so would you say that leaving [.extension] in place is safe enough? It's just a case of if you download it, scan it for viruses, and the "safe enough" part is based on the server being set up properly? I understand that CF explicitly requires safe extensions to be specified too?
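
The server-side checks discussed in this thread, as an added example that is not part of the original posts and is not ChronoForms or Joomla! code. The function name `store_upload`, the allowlist, the size limit and the storage directory (assumed to sit outside the web root) are all assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical helper, not ChronoForms or Joomla! code.
// Allowed extension => MIME type the file content must actually sniff as.
const ALLOWED_UPLOADS = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
];

// Validate one $_FILES entry and store it; throws RuntimeException on rejection.
function store_upload(array $file, string $storageDir, int $maxBytes = 5242880): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or is not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        throw new RuntimeException('File size out of range');
    }
    // The final extension must be allowlisted, and no earlier segment may be executable.
    $parts = explode('.', strtolower(basename($file['name'])));
    $ext   = array_pop($parts);
    if (!isset(ALLOWED_UPLOADS[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    foreach ($parts as $segment) {
        if (preg_match('/^(php\d?|phtml|phar|cgi|pl|asp|aspx|jsp|sh|exe)$/', $segment)) {
            throw new RuntimeException('Executable extension hidden in file name');
        }
    }

    // The client-supplied type is untrusted: sniff the real content type instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_UPLOADS[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }

    // Conservative check: refuse files carrying a PHP open tag anywhere in the body.
    if (stripos(file_get_contents($file['tmp_name']), '<?php') !== false) {
        throw new RuntimeException('Embedded script marker found');
    }

    // Server-generated name: the visitor never controls the stored path.
    $target = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store upload');
    }
    return $target;
}
```

These checks reduce the chance that an upload is executed by the web server; they do not detect malware aimed at whoever opens the emailed attachment, so a virus scan of the stored file is still needed.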

This topic is locked and no more replies can be posted.