check content type in asp

Discussion in 'ASP General' started by Deep, Nov 5, 2009.

  1. Deep

    Deep Guest

    Dear sir/madam
    I have to make a program in asp to upload resume. But hacker is
    uploading any type of file. I want he can upload only text file.
    I dont want to check only its extension.
    How can I do please help me.
    It's urgent.

    Thanks in Advance
    Deep, Nov 5, 2009
    #1
    1. Advertising

  2. Deep

    Evertjan. Guest

    Deep wrote on 05 nov 2009 in microsoft.public.inetserver.asp.general:

    > I have to make a program in asp to upload resume.


    Are you qualified to do that?
    Do you want to resume an upload, or is it a résumé?

    > But hacker is uploading any type of file.


    Perhaps you are not qualified, Deep?

    > I want he can upload only text file.


    Why? You should not want to give a hacker anything.

    > I dont want to check only its extension.


    Contant can only be seen on the server after uploading.

    Probably your best bet is just limit the length of the file.

    Also define what a textfile is, if it is not defined by it's extension.

    > How can I do please help me.


    Learn to write code, try, and show us where you go wrong.
    Or pay a qualified programmer.
    This NG is not a helpdesk.

    > It's urgent.


    It is not to us.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Nov 5, 2009
    #2
    1. Advertising

  3. Deep

    Evertjan. Guest

    Roberto Franceschetti wrote on 10 nov 2009 in
    microsoft.public.inetserver.asp.general:
    > Deep wrote:
    > > Dear sir/madam
    > > I have to make a program in asp to upload resume. But hacker is
    > > uploading any type of file. I want he can upload only text file.
    > > I dont want to check only its extension.
    > > How can I do please help me.
    > > It's urgent.


    > Evertjan. wrote:
    >> Deep wrote on 05 nov 2009 in microsoft.public.inetserver.asp.general:
    >>
    >>> I have to make a program in asp to upload resume.

    >> Are you qualified to do that?
    >> Do you want to resume an upload, or is it a r‚sum‚?
    >>> But hacker is uploading any type of file.

    >> Perhaps you are not qualified, Deep?
    >>> I want he can upload only text file.

    >> Why? You should not want to give a hacker anything.
    >>> I dont want to check only its extension.

    >> Contant can only be seen on the server after uploading.
    >> Probably your best bet is just limit the length of the file.
    >> Also define what a textfile is, if it is not defined by it's
    >> extension.
    >>> How can I do please help me.

    >> Learn to write code, try, and show us where you go wrong.
    >> Or pay a qualified programmer.
    >> This NG is not a helpdesk.
    >>> It's urgent.

    >> It is not to us.


    [Please do not toppost on usenet]

    >> Cut the guy some slack, this is what newsgroups are for. There may be
    >> someone else with the same question in the future reading this who may
    >> find the answer useful.


    There is no "what newsgroups are for", there is only "how newsgroups came
    into being" and "how newsgroupt are generally used nowadays". Both do not
    cover your interpretation.

    And I do not think "someone else with the same question in the future
    reading" will be helped by believing that "It's urgent" is acceptable on
    usenet, as if it were a paid helpdesk.

    I agree to give the guy some slack, not to cut the leash.

    >> Going back to the original question, it's not that simple as most
    >> upload components probably won't be passing you the content type of
    >> the file being uploaded. If you (rightfully so) don't want to rely on
    >> the extension, a possible workaround is to check - let's say - the
    >> first 100 bytes of the file. If they all fall between 0x9 and 0x128
    >> chances are the file is a clear-text file without binary code. You may
    >> need to add exception of other high-order bytes that may contain other
    >> characters, but it's a start.


    That is not an answer to the OP's Q, Roberto,

    The OP specified:

    >>> I want he can upload only text file.


    Your solution is to test such file WHEN ALREADY UPLOADED,
    and then choosing wether or not to save the file serverside.

    The only way the OQ can be fulfilled is to have some clientside component,
    not so usefull in the case of a wizzy and nasty hacker.

    It is better to exclude him/her by passwording all other users.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Nov 10, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. TheKeith
    Replies:
    20
    Views:
    106,375
    Chris Morris
    Oct 29, 2003
  2. hazz
    Replies:
    6
    Views:
    49,527
    SkyUCHC
    Jun 9, 2010
  3. Stanimir Stamenkov
    Replies:
    2
    Views:
    739
    Stanimir Stamenkov
    Oct 25, 2005
  4. John
    Replies:
    2
    Views:
    271
    John J. Lee
    Apr 16, 2007
  5. trint
    Replies:
    2
    Views:
    235
    Randy Webb
    Nov 16, 2006
Loading...

Share This Page