I am currently developing a social networking site using RoR that uses the attachment_fu plugin to handle image uploads. I also want to enable users to upload photoshop files, but am worried about security vulnerabilities because I want other users to be able to download these photoshop files. What is to stop someone from uploading a malicious file (i.e. virus) just by changing the extension? I don''t want someone downloading a file with a virus on it from my site. Is there any way to screen files for viruses when they are uploaded in RoR? Any thoughts? Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I am currently developing a social networking site using RoR that uses the attachment_fu plugin to handle image uploads. I also want to enable users to upload photoshop files, but am worried about security vulnerabilities because I want other users to be able to download these photoshop files. What is to stop someone from uploading a malicious file (i.e. virus) just by changing the extension? I don''t want someone downloading a file with a virus on it from my site. Is there any way to screen files for viruses when they are uploaded in RoR? Any thoughts? Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 16 Nov 2007, at 12:10, TTDaVeTT wrote:> I am currently developing a social networking site using RoR that uses > the attachment_fu plugin to handle image uploads. I also want to > enable users to upload photoshop files, but am worried about security > vulnerabilities because I want other users to be able to download > these photoshop files. What is to stop someone from uploading a > malicious file (i.e. virus) just by changing the extension? I don''t > want someone downloading a file with a virus on it from my site. Is > there any way to screen files for viruses when they are uploaded in > RoR? Any thoughts? Thanks.Use the callbacks of attachment_fu that are executed after the upload (my mind''s focussed on other stuff right now, so the exact method name doesn''t come to mind) and run the file through ClamAV via the ´commandline command´ or system ruby calls. Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
TTDaVeTT wrote:> I don''t > want someone downloading a file with a virus on it from my site. Is > there any way to screen files for viruses when they are uploaded in > RoR? Any thoughts? Thanks.Have you considered using ClamAv? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I am currently developing a social networking site using RoR that uses the attachment_fu plugin to handle image uploads. I also want to enable users to upload photoshop files, but am worried about security vulnerabilities because I want other users to be able to download these photoshop files. What is to stop someone from uploading a malicious file (i.e. virus) just by changing the extension? I don''t want someone downloading a file with a virus on it from my site. Is there any way to screen files for viruses when they are uploaded in RoR? Any thoughts? Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---