From: Brendan F. <drs...@gm...> - 2008-11-04 16:41:08
|
> This is a contradiction - either you allow *any* file (some hacking > required, I think), or you specify which files you allow and fill out > the Psuedo Verifier (from 'Global Settings') with how you want them > verified. (no coding required) > Yes, I suppose it is a contradiction. Right now I am thinking of implementing a blacklist and muck with some apache settings to disallow the execution of files on the server. If the files are not disallowed by the Psuedo Verifier then it would allow the files to be uploaded. I will try to get all the major security risk files blacklisted. Will also disable PHP & CGI where the files are being stored. I am looking into how to disable ASP & Cold Fusion as well. Jscript would be disabled with CGI. I would have no idea how to make this work on any other server but apache. I have never used any other server, but the blacklist should work on any computer with php enabled. > > I can walk you through this, I'll have a skeleton code module for you > by tomorrow evening gmt. Great! |