Hi ,
I encountered a scenario i.e. where we have to stop uploading of .exe or .bat files when their extension is changed to acceptable extension (.txt,.html,.htm,.odt,.rtf,.doc,.docx). I have tried to find a solution by using .NET code where I have used header codes of different file extensions, but header codes for .html and .htm get changed and doesn't seem to have a fixed header code. I have used Mime/Extension type but it didn't work. Looking for a solution through Telerik Controls.
Thanks,
Chaitanya.
I encountered a scenario i.e. where we have to stop uploading of .exe or .bat files when their extension is changed to acceptable extension (.txt,.html,.htm,.odt,.rtf,.doc,.docx). I have tried to find a solution by using .NET code where I have used header codes of different file extensions, but header codes for .html and .htm get changed and doesn't seem to have a fixed header code. I have used Mime/Extension type but it didn't work. Looking for a solution through Telerik Controls.
Thanks,
Chaitanya.
3 Answers, 1 is accepted
0
Shinu
Top achievements
Rank 2
Rank 2
answered on 11 Jun 2014, 12:14 PM
Hi Chaitanya,
In order to achieve your scenario you can use RadAsyncUpload Control. Please try to set the AllowedFileExtensions property of RadAsyncUpload, this will upload files with the specified extensions. Please take a look into this help documentation to get further information and also take a look into this online demo.
Thanks,
Shinu.
In order to achieve your scenario you can use RadAsyncUpload Control. Please try to set the AllowedFileExtensions property of RadAsyncUpload, this will upload files with the specified extensions. Please take a look into this help documentation to get further information and also take a look into this online demo.
Thanks,
Shinu.
0
Chaitanya
Top achievements
Rank 1
Rank 1
answered on 11 Jun 2014, 02:54 PM
Hi Shinu,
I had used that RadAsyncUpload control only. i used the property of AllowedFileExtensions but when we are trying to rename the file from .exe to .txt control will treat that as .txt file we have to block those files based on the real type of file. if the file is pure txt file then only i need to allow or else i need to block such malicious files
Thanks,
Chaitanya.
I had used that RadAsyncUpload control only. i used the property of AllowedFileExtensions but when we are trying to rename the file from .exe to .txt control will treat that as .txt file we have to block those files based on the real type of file. if the file is pure txt file then only i need to allow or else i need to block such malicious files
Thanks,
Chaitanya.
0
Shinu
Top achievements
Rank 2
Rank 2
answered on 30 Jul 2014, 08:58 AM
Hi Chaitanya,
As far as I know checking the file extension is the only client side solution which can prevent the user from uploading malicious files.
If you want to validate the file from Server Side, you can try the approach mentioned in the following article before saving it to the target path.
Detect Executable file or Virus during File Upload.
Prevent exe or msi to save on server even after changing extension.
Thanks,
Shinu.
As far as I know checking the file extension is the only client side solution which can prevent the user from uploading malicious files.
If you want to validate the file from Server Side, you can try the approach mentioned in the following article before saving it to the target path.
Detect Executable file or Virus during File Upload.
Prevent exe or msi to save on server even after changing extension.
Thanks,
Shinu.