security question

2 posts, 0 answers
  1. Albert Shenker
    Albert Shenker avatar
    579 posts
    Member since:
    Mar 2004

    Posted 13 Apr 2011 Link to this post

    Can anyone tell me what the security ramifications of using RadAsyncUpload to upload files to a server are, depending on whether Flash is disabled, etc. For instance, if someone were to try an upload a malicious file with a benign file extension would the specific process by which the file is manipulated by the RadAsyncUpload control render the file harmless... or do specific security precautions need to be taken both on the final destination director and the RadUploadTemp Directory to make sure malicous files cannot do harm? 
  2. Genady Sergeev
    Admin
    Genady Sergeev avatar
    1600 posts

    Posted 18 Apr 2011 Link to this post

    Hi Albert Shenker,

    RadAsyncUpload does not perform analysis on whether the uploaded file content matches the extension or not. I guess that third party libraries/software can be used in order to scan the uploaded files for a malicious behavior.

    Regards,
    Genady Sergeev
    the Telerik team

    Browse the vast support resources we have to jump start your development with RadControls for ASP.NET AJAX. See how to integrate our AJAX controls seamlessly in SharePoint 2007/2010 visiting our common SharePoint portal.

Back to Top