Hi,
From a previous question I asked, it seems that Chronoforms relies on the user to consider this, but does Chronoforms have any active security built in to avoid website hacks (SQL injections etc.)?
I am concerned about how viable it would be for a visitor to upload an image or a PDF (etc.) that is actually a virus through Chronoforms, and for that to be written in such a way that it will execute code once it's uploaded. It's anticipated that the upload will be emailed alongside the completed contact form.
Any recommendations for doing this safely, please? Since I'm not a hacker, I'm also not in a great place to protect against it! We also all care about keeping client data safe, and we are often legally obliged to.
Thanks.
Following. Interested to know this too.
Hi indieben,
Users have a wide range of requirements for forms. ChronoForms has some basic protections but not absolute protection.
There is a Joomla! class that you can use to scan file uploads if this is a concern to you. (I'm not clear from the docs if this is automatically used by Joomla! in the file upload process.)
Bob
Please check this:
https://stackoverflow.com/questions/5670590/can-any-of-these-files-execute-virus-on-a-server
Best regards
Thanks, so would you say that leaving [.extension] in place is safe enough? It's just a case of, if you download it, scan it for viruses, and the "safe enough" part is based on the server being set up properly? I understand that CF explicitly requires safe extensions to be specified too?
Thanks.
This topic is locked and no more replies can be posted.
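As an added example (not part of the thread, and not ChronoForms or Joomla! code), here is one way to apply the "safe extensions" idea discussed above before an upload is stored or attached to an email. The function name `check_upload`, the allowlist, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not a ChronoForms or Joomla! API.
// Allowlisted extensions and the leading bytes each file type starts with.
const UPLOAD_SIGNATURES = [
    'pdf'  => "%PDF-",
    'png'  => "\x89PNG\r\n\x1a\n",
    'jpg'  => "\xFF\xD8\xFF",
    'jpeg' => "\xFF\xD8\xFF",
];

function check_upload(string $clientName, string $bytes): array
{
    // Require exactly "name.ext": one dot, no path separators, no control characters.
    // This rejects names with stacked extensions such as "photo.php.jpg".
    if (!preg_match('/\A[A-Za-z0-9 _-]{1,100}\.([A-Za-z0-9]{1,5})\z/', $clientName, $m)) {
        return ['ok' => false, 'reason' => 'file name must be name.ext with a single extension'];
    }
    $ext = strtolower($m[1]);
    if (!isset(UPLOAD_SIGNATURES[$ext])) {
        return ['ok' => false, 'reason' => "extension .$ext is not on the allowlist"];
    }
    // The content must start like the type the extension claims.
    $sig = UPLOAD_SIGNATURES[$ext];
    if (strncmp($bytes, $sig, strlen($sig)) !== 0) {
        return ['ok' => false, 'reason' => "content does not start like a .$ext file"];
    }
    // Store under a server-chosen name so the visitor never controls the path.
    return ['ok' => true, 'stored_name' => bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample inputs (file name => first bytes of the upload).
$samples = [
    'report.pdf'    => "%PDF-1.7\n(constructed sample)",
    'photo.php.jpg' => "\xFF\xD8\xFF\xE0(constructed sample)",
    'logo.png'      => "<html>constructed sample, not a PNG</html>",
    'notes.phtml'   => "constructed sample",
];
foreach ($samples as $name => $bytes) {
    $r = check_upload($name, $bytes);
    echo str_pad($name, 16),
         $r['ok'] ? 'accept as ' . $r['stored_name'] : 'reject: ' . $r['reason'],
         PHP_EOL;
}
```

Passing these checks only shows that the file is of an expected type; it does not show the file is free of malware, so scanning it before opening still applies. Keeping the stored files in a directory the web server does not serve or execute from is the "server being set up properly" part.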