Is there any way to do this?
Is there any possible way to limit the contents of a folder to jpeg and gif extensions only? I am hosting an ftp folder for some kids, don't want them doing anything stupid or uploading scripts. I am using ProFTP, so is there a way to make sure or restrict to anything but gif's, or jpeg's being uploaded? TIA.
|
And if you could they'd rename it :}
megagame_hack.exe.gif ;) Cheers, Tink |
So are you saying you cannot? If they upload exe.gif, it would work as a gif and not an executable right?
|
He is saying that that it doesnt matter if you could. File extensions dont really mean anything, they are just for personal organization. I could upload "xxxpron.mpeg.gif" and if I play the file "xxxpron.mpeg.gif" with xine or mpplayer the video would play regardless of the file extension. Or on your server they could upload "superftphax0r.exe.gif" and run it as an executable.
|
Quote:
what it says it is. That is, to be MORE safe (there's always a way around if you're evil, or curious,or bored) the ftp-daemon would have to run e.g. file against a file once it's uploaded to determine what it REALLY is, and delete it if it's something that you don't want. I don't think that something like PathAllowFilter (Config statement for Proftpd) will do anything but checking the file-name which isn't good enough if the kids aren't completely dumb trolls. I'm not quite sure what your concern is, though. Do you not want the kids to "trade" certain things, or are you afraid they might compromise your machine? Cheers, Tink |
You could set up a cron job that would run the file command against every uploaded file in the directory. A good start to pick out non-gif and non-jpg files would be:
file * | grep -v "GIF image" | grep -v "JPEG image" | cut -d: -f1 Of course, this is a very simple test and it's not foolproof but its a start. |
All times are GMT -5. The time now is 04:56 PM. |