6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"prevention of exe file upload in a website\",\"text\":\"

Can somebody tell me how to prevent exe file from being uploaded in a website , even if exe file is inside zip file( exe file in a new folder and new folder is then zipped and uploaded)?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Niraj CHoubey\"},\"upvoteCount\":3,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

Allow the users to upload the file (if is ZIP) and do a server-side check by unpacking the archive and evaluating its content.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Victor Hurdugaci\"},\"upvoteCount\":2}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","asp.net",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/asp.net/1","children":"asp.net"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/3313caa293b76dd03fec05d90fc5c269?s=256&d=identicon&r=PG","alt":"Niraj CHoubey","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/333371/niraj-choubey","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Niraj CHoubey"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",467]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"prevention of exe file upload in a website"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Can somebody tell me how to prevent exe file from being uploaded in a website , even if exe file is inside zip file( exe file in a new folder and new folder is then zipped and uploaded)?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",3]}],["$","p",null,{"children":["Views: ",3205]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","2814531",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/415faa2c63f4aa365d6fb3b746815f7b?s=256&d=identicon&r=PG","alt":"Bryan","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/22033/bryan","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Bryan"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",8788]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Short answer: you can't.
\nPedantic answer: Don't have users upload files.

\n\n

Long answer:\nWhat code is handling this uploaded file? What are you doing with it? This is where the security needs to happen. You can explicitly check the file extension in the post handler, but that only gets you so far, as you've already determined.

\n\n

Some tips:\n-Drop files in a secure location outside the web root.
\n-Don't give your ASP.NET process user more permissions than it needs\n-Give them unique server-generated names and proper extensions.
\n-Do not call Shell.Execute on user-uploaded files. Duh.

\n\n

What exactly are you trying to prevent here? Your question is difficult to answer as-is.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}],["$","div","2809292",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/cbf6917a7f41a098677c63e32bfba873?s=256&d=identicon&r=PG","alt":"Victor Hurdugaci","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/149064/victor-hurdugaci","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Victor Hurdugaci"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",28425]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Allow the users to upload the file (if is ZIP) and do a server-side check by unpacking the archive and evaluating its content.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","6931208",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6931208","className":"text-blue-600 hover:underline","children":"how to prevent uploading of exe file in asp.net mvc"}]}],["$","li","32078349",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/32078349","className":"text-blue-600 hover:underline","children":"How can I get IIS to prevent script execution in a file upload directory?"}]}],["$","li","22957862",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/22957862","className":"text-blue-600 hover:underline","children":"Preventing a user from uploading an executable file or script in a given folder"}]}],["$","li","6376023",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6376023","className":"text-blue-600 hover:underline","children":"How to prevent Malicious File Execution in ASP.NET"}]}],["$","li","12864441",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12864441","className":"text-blue-600 hover:underline","children":"File upload security Concern"}]}],["$","li","7843065",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7843065","className":"text-blue-600 hover:underline","children":"asp.net - prevent downloading a specific file"}]}],["$","li","6372587",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6372587","className":"text-blue-600 hover:underline","children":"asp.net: prevent files from bots"}]}],["$","li","4532002",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4532002","className":"text-blue-600 hover:underline","children":"how to stop asp.net from uploading posted file"}]}],["$","li","2822521",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2822521","className":"text-blue-600 hover:underline","children":"exe file upload prevention"}]}],["$","li","776201",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/776201","className":"text-blue-600 hover:underline","children":"How to prevent the uploading of Warez. (asp.net, C#)"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

prevention of exe file upload in a website

Answers (2)

Related Questions