Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

check content type in asp

0 views
Skip to first unread message

Deep

unread,
Nov 5, 2009, 2:21:27 AM11/5/09
to
Dear sir/madam
I have to make a program in asp to upload resume. But hacker is
uploading any type of file. I want he can upload only text file.
I dont want to check only its extension.
How can I do please help me.
It's urgent.

Thanks in Advance

Evertjan.

unread,
Nov 5, 2009, 3:46:20 AM11/5/09
to
Deep wrote on 05 nov 2009 in microsoft.public.inetserver.asp.general:

> I have to make a program in asp to upload resume.

Are you qualified to do that?
Do you want to resume an upload, or is it a r�sum�?

> But hacker is uploading any type of file.

Perhaps you are not qualified, Deep?

> I want he can upload only text file.

Why? You should not want to give a hacker anything.

> I dont want to check only its extension.

Contant can only be seen on the server after uploading.

Probably your best bet is just limit the length of the file.

Also define what a textfile is, if it is not defined by it's extension.

> How can I do please help me.

Learn to write code, try, and show us where you go wrong.
Or pay a qualified programmer.
This NG is not a helpdesk.

> It's urgent.

It is not to us.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Roberto Franceschetti

unread,
Nov 9, 2009, 9:22:00 PM11/9/09
to
Cut the guy some slack, this is what newsgroups are for. There may be
someone else with the same question in the future reading this who may
find the answer useful.


Going back to the original question, it's not that simple as most upload
components probably won't be passing you the content type of the file
being uploaded. If you (rightfully so) don't want to rely on the
extension, a possible workaround is to check - let's say - the first 100
bytes of the file. If they all fall between 0x9 and 0x128 chances are
the file is a clear-text file without binary code. You may need to add
exception of other high-order bytes that may contain other characters,
but it's a start.

...Just an idea.

--
Roberto Franceschetti
LogSat Software
Makers of Spam Filter ISP
http://www.logsat.com

Deep wrote:
> Dear sir/madam
> I have to make a program in asp to upload resume. But hacker is
> uploading any type of file. I want he can upload only text file.


> I dont want to check only its extension.

> How can I do please help me.

> It's urgent.
>
> Thanks in Advance

--
Roberto Franceschetti
LogSat Software
Makers of Spam Filter ISP
http://www.logsat.com

Evertjan.

unread,
Nov 10, 2009, 4:20:48 AM11/10/09
to
Roberto Franceschetti wrote on 10 nov 2009 in
microsoft.public.inetserver.asp.general:
> Deep wrote:
> > Dear sir/madam
> > I have to make a program in asp to upload resume. But hacker is
> > uploading any type of file. I want he can upload only text file.
> > I dont want to check only its extension.
> > How can I do please help me.
> > It's urgent.

> Evertjan. wrote:


>> Deep wrote on 05 nov 2009 in microsoft.public.inetserver.asp.general:
>>
>>> I have to make a program in asp to upload resume.
>> Are you qualified to do that?
>> Do you want to resume an upload, or is it a r�sum�?
>>> But hacker is uploading any type of file.
>> Perhaps you are not qualified, Deep?
>>> I want he can upload only text file.
>> Why? You should not want to give a hacker anything.
>>> I dont want to check only its extension.
>> Contant can only be seen on the server after uploading.
>> Probably your best bet is just limit the length of the file.
>> Also define what a textfile is, if it is not defined by it's
>> extension.
>>> How can I do please help me.
>> Learn to write code, try, and show us where you go wrong.
>> Or pay a qualified programmer.
>> This NG is not a helpdesk.
>>> It's urgent.
>> It is not to us.

[Please do not toppost on usenet]

>> Cut the guy some slack, this is what newsgroups are for. There may be
>> someone else with the same question in the future reading this who may
>> find the answer useful.

There is no "what newsgroups are for", there is only "how newsgroups came
into being" and "how newsgroupt are generally used nowadays". Both do not
cover your interpretation.

And I do not think "someone else with the same question in the future
reading" will be helped by believing that "It's urgent" is acceptable on
usenet, as if it were a paid helpdesk.

I agree to give the guy some slack, not to cut the leash.

>> Going back to the original question, it's not that simple as most
>> upload components probably won't be passing you the content type of
>> the file being uploaded. If you (rightfully so) don't want to rely on
>> the extension, a possible workaround is to check - let's say - the
>> first 100 bytes of the file. If they all fall between 0x9 and 0x128
>> chances are the file is a clear-text file without binary code. You may
>> need to add exception of other high-order bytes that may contain other
>> characters, but it's a start.

That is not an answer to the OP's Q, Roberto,

The OP specified:

>>> I want he can upload only text file.

Your solution is to test such file WHEN ALREADY UPLOADED,
and then choosing wether or not to save the file serverside.

The only way the OQ can be fulfilled is to have some clientside component,
not so usefull in the case of a wizzy and nasty hacker.

It is better to exclude him/her by passwording all other users.

0 new messages