
Preventing GIFAR Attacks

  • John Martin

    Posted on Sep 24, 2009

    Hi All,

    I'm using the RadUpload to upload images to a site which will be used as images for a website. I want to protect against GIFAR attacks and I'm wondering what action I can take to prevent these. I am currently using the RadUpload to only allow uploads of png, jpg and gif images. I then simply resave the images to my chosen destination. Is this enough to prevent these attacks? If not, what can I do?

    Thanks in advance.


  • Tsvetomir Tsonev (admin)

    Posted on Sep 25, 2009

    Hello,

    RadUpload doesn't process the uploaded files in any way and can't detect malicious files by itself. You'll have to inspect the files manually to decide if they're a threat. Here is the information that I've managed to find on the subject:
    http://www.infosecwriters.com/text_resources/pdf/RBrandis_GIFAR.pdf
    http://securethoughts.com/2009/01/easy-server-side-fix-for-the-gifar-security-issue/

    Thankfully, the bug seems to be fixed as of versions JDK and JRE 6 Update 11, JDK and JRE 5.0 Update 17, and SDK and JRE 1.4.2_19. The best protection would probably be to advise your customers to upgrade to the latest version of Java.

    All the best,
    Tsvetomir Tsonev
    the Telerik team
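
One way to do the server-side inspection the reply above calls for, as an added example that is not part of the thread or of RadUpload: a GIFAR is an image with a JAR (ZIP) archive appended, so the check accepts a file only if it starts with an allowed image signature and contains no ZIP end-of-central-directory record. The class and method names are hypothetical, and the sample bytes are constructed.

```csharp
using System;
// Added example: GifarCheck and its methods are hypothetical names, not RadUpload API.
public static class GifarCheck
{
    // Leading bytes of the three allowed image types.
    static readonly byte[][] ImageMagics = {
        new byte[] { 0x47, 0x49, 0x46, 0x38 },  // "GIF8"
        new byte[] { 0x89, 0x50, 0x4E, 0x47 },  // PNG
        new byte[] { 0xFF, 0xD8, 0xFF }         // JPEG
    };
    // ZIP end-of-central-directory signature "PK\x05\x06"; every JAR has one.
    static readonly byte[] ZipEocd = { 0x50, 0x4B, 0x05, 0x06 };
    static bool MatchAt(byte[] data, int pos, byte[] sig)
    {
        if (pos < 0 || pos + sig.Length > data.Length) return false;
        for (int i = 0; i < sig.Length; i++)
            if (data[pos + i] != sig[i]) return false;
        return true;
    }
    public static bool StartsAsImage(byte[] data)
    {
        foreach (byte[] magic in ImageMagics)
            if (MatchAt(data, 0, magic)) return true;
        return false;
    }
    // Scans the whole file; a chance match only rejects a legitimate image.
    public static bool ContainsZipArchive(byte[] data)
    {
        for (int i = 0; i + ZipEocd.Length <= data.Length; i++)
            if (MatchAt(data, i, ZipEocd)) return true;
        return false;
    }
    public static bool IsAcceptable(byte[] data)
    {
        return StartsAsImage(data) && !ContainsZipArchive(data);
    }

    public static void Main()
    {
        // Constructed samples: a minimal GIF-like header, and the same bytes
        // followed by the 22-byte EOCD record of an empty ZIP archive.
        byte[] gif = { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x3B };
        byte[] polyglot = new byte[gif.Length + 22];
        Array.Copy(gif, polyglot, gif.Length);
        Array.Copy(ZipEocd, 0, polyglot, gif.Length, ZipEocd.Length);
        Console.WriteLine("gif accepted: " + IsAcceptable(gif));
        Console.WriteLine("polyglot accepted: " + IsAcceptable(polyglot));
    }
}
```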

