executable file types

m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

executable file types

Post by m2babaey »

Hi
I want to run a file upload service and plan to restrict uploading executable file types for security.
What are executable file types?
exe, bat, php, phpx, aspx, asp,
What else do you know?
Doug G
Forum Contributor
Posts: 282
Joined: Sun Sep 09, 2007 6:27 pm

Re: executable file types

Post by Doug G »

I assume you mean Windows executables. Here are a few more: .cmd, .vbs, .js, .pl, and I'm sure quite a few more. .pl if you have Perl installed.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Re: executable file types

Post by Ambush Commander »

Instead of checking file extensions, which can be spoofed, you should be using functions like finfo or mime magic to find out what's actually inside the file.
vigge89
Forum Regular
Posts: 875
Joined: Wed Jul 30, 2003 3:29 am
Location: Sweden

Re: executable file types

Post by vigge89 »

It's usually safer to specify which file types are allowed. I'd do what Ambush Commander said, but if you don't want/aren't able to use the finfo/mime type extensions I can always point to my tiny FileFormatIdentifier project :)
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Re: executable file types

Post by Kieran Huggins »

In addition to checking the extension, rename them to (and store them as) the md5 of their contents, keeping their details in a DB. In Windows you can't execute them that way, and in Linux CHMOD them -x. Problem solved on your end!

Since they have no discernible mime type you'll never be able to restrict scripts completely, but you will be able to warn users about certain file extensions.
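
An added example, not code from any poster in this thread: it combines the allow-list suggested by vigge89, the finfo content check suggested by Ambush Commander, and the md5 naming with the execute bit cleared suggested by Kieran Huggins. `store_upload()`, `ALLOWED_TYPES`, the sample bytes and the storage directory are assumptions made for illustration.

```php
<?php
// Added example: allow-list by detected content type, store under the content hash.
// ALLOWED_TYPES and store_upload() are illustrative names, not from the thread.
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'application/pdf'];

function store_upload(string $tmpPath, string $clientName, string $storeDir): array
{
    // Ask libmagic what the bytes are; the client-supplied name and type are not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !in_array($mime, ALLOWED_TYPES, true)) {
        throw new RuntimeException('rejected, detected type ' . var_export($mime, true));
    }
    // Name the stored file after the md5 of its contents: no extension, no user input in the path.
    $hash = md5_file($tmpPath);
    $dest = rtrim($storeDir, '/') . '/' . $hash;
    // In a real request handler use move_uploaded_file() so only genuine uploads are moved.
    if (!copy($tmpPath, $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640); // no execute bit on the stored file
    // Row for the metadata table; the original name is kept only as data for display.
    return ['stored_as' => $hash, 'mime' => $mime,
            'client_name' => basename($clientName), 'size' => filesize($dest)];
}

// Constructed sample inputs: a PNG header, and a PHP script uploaded as "photo.png".
// $dir stands in for a storage directory assumed to be outside the web root.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0750);
$png = "\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" . pack('N2', 1, 1) . "\x08\x06\x00\x00\x00";
$samples = ['logo.png' => $png, 'photo.png' => "<?php echo 'hi';\n"];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        $row = store_upload($tmp, $name, $dir);
        echo "$name accepted as {$row['mime']}, stored as {$row['stored_as']}\n";
    } catch (RuntimeException $e) {
        echo "$name ", $e->getMessage(), "\n";
    } finally {
        unlink($tmp);
    }
}
```

The second sample carries a `.png` name but is rejected because the allow-list is applied to the detected type, not the extension.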
dayyanb
Forum Commoner
Posts: 46
Joined: Wed Jan 23, 2008 12:34 am

Re: executable file types

Post by dayyanb »

Don't forget .cgi