List of professionally useful and safe file types?

Posted on 2024-11-06 09:58:45, 478 characters, 6 views, 0 comments

I have a system where users can upload, well, anything really - and these files are available to other users.

I need to come up with a list of file types that are genuinely needed by professionals in different industries that are safe from hacking/viruses, etc.

.doc .docx .gif .jpg .jpeg .mpg .mpeg .mp3 .odt .odp .ods .pdf .ppt .pptx .tif .tiff .txt .xls .xlsx .wav

What other file types do you know of that are both useful and safe?

Clarification

Many of the comments and responses are asking for a clearer definition of 'safe from hacking/viruses' - I ask the question with precisely that level of detail because I don't have as sophisticated an understanding of file types and their risks as many of you do, and I would like guidance on 1) any file types that may keep my site more secure, and 2) if there are no 'safe' file types then any advice on how to move forward with a system that allows for flexible uploading and sharing of files.

If indeed any malicious file can be packaged as a seemingly-safe file, how can I protect my users?


Comments (7)

記憶穿過時間隧道 2024-11-13 09:58:45

No filetype is safe if the program you use to open it with is badly (or carelessly or evil-y) written.

左秋 2024-11-13 09:58:45

You can't assume that all files with a given extension are safe from 'viruses'.

I can easily rename a malicious executable to .doc and 'hack' your system.

EDIT:

There is no (simple?) way to check whether a user-uploaded file is malicious or not.

The app that you're creating is no different than any other file sharing website out there (Rapidshare, Megaupload, etc).

There is nothing stopping anyone from uploading malicious files to those websites.

扛起拖把扫天下 2024-11-13 09:58:45

Safe files do not exist. Is an ordinary text file safe? For example, with the content:

format c:

If some program can execute the content of the file... you get the idea.

So, there are no safe files - only restrictions on RUNNING code (programs). (And I understand if this answer is not liked.) :)

是你 2024-11-13 09:58:45

For "useful" you'll need to ask your customers.

For safe, there's no such thing because a file extension is just a part of the file name that gives a suggestion of what type of file it is. It need not accurately represent the type, and is easily manipulated.
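
An added example, not part of any answer in this thread: a Python sketch that checks an upload's leading bytes against its claimed extension, which catches the renamed-executable case described above. The function name `check_upload`, the signature table and the sample uploads are constructed for illustration.

```python
import os

# Leading-byte signatures for a subset of the extensions in the question.
ZIP = (b"PK\x03\x04",)                        # OOXML and ODF are ZIP containers
OLE2 = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",)  # legacy .doc/.xls/.ppt
SIGNATURES = {
    ".pdf": (b"%PDF-",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".tif": (b"II*\x00", b"MM\x00*"), ".tiff": (b"II*\x00", b"MM\x00*"),
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
    ".odt": ZIP, ".ods": ZIP, ".odp": ZIP,
}

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an upload's client-supplied name and content."""
    # Drop any path components the client put in the name.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext == ".txt":
        # Plain text has no signature: require valid UTF-8 without NUL bytes.
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "not valid UTF-8 text"
        if b"\x00" in data:
            return False, "NUL byte in text file"
        return True, "text"
    if ext not in SIGNATURES:
        return False, f"extension {ext or '(none)'} not on allowlist"
    if not data.startswith(SIGNATURES[ext]):
        return False, f"content does not match {ext}"
    return True, "signature matches"

# Constructed sample uploads (not real files).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("invoice.doc", b"MZ\x90\x00"),   # executable header under a .doc name
    ("notes.txt", b"format c:\n"),    # accepted: valid text, whatever it says
    ("tool.exe", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES:
        print(sample_name, check_upload(sample_name, sample_data))
```

A match only shows that the leading bytes fit the declared type; it says nothing about what the file does when opened, which is why the answers here also point to scanning uploads.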

冷血 2024-11-13 09:58:45

Rather than protecting based on file type, I would get a 3rd party to virus scan each file on upload. Reject those which are identified as positive.

放飞的风筝 2024-11-13 09:58:45

The list is pretty endless! A quick search finds http://filext.com/alphalist.php?extstart=^A

情绪失控 2024-11-13 09:58:45

Well, you can include all data files and exclude all executable/script files.
One list of executable file extensions is here: http://pcsupport.about.com/od/tipstricks/a/execfileext.htm

You may look at other sources to improve coverage.

Edit: for the second part of the question, addressing security -
It would be best to have a bunch of anti-malware software installed on the server to check each submission - they are designed for this specialized task, use them. Anyways, no executable file is professionally useful as long as people are not looking for crackware.
