Download and extract the archive (zip, rar, targz, tarbz) automatically - a security problem?

Question

Download and extract the archive (zip, rar, targz, tarbz) automatically - a security problem?

I would like to create the following functions for my web application:

the user uploads the archive file (zip / rar / tar.gz / tar.bz, etc.) (contents - multiple image files)
archive is automatically extracted after loading
images are displayed in the HTML list (independently)

Are there any security issues associated with the extraction process? For example. the ability to execute malicious code contained in downloaded files (or a well-prepared archive file), or?

+5

security upload archive

gorsky Dec 14 '09 at 21:26

source share

2 answers

Medrdad : , , . zip , Java ( ), " " . ( GIFAR, ZIP , Java PlugIn/WebStart.) , , , . , - , ( ). , , , , . (, ../ ).

( ):

.
IP-.
, .
- ZipInputStream , .
, chroot gaol.
.
IDS ( , - , IDS C!).

+3

Tom Hawtin - tackline 14 . '09 22:22

Mehrdad Afshari · Accepted Answer · 2009-12-14T21:27:55+0000

, , , , (zip-). , , , , , .

, , zip (.php, .asp, .aspx,...) HTTP, , , .

Download and extract the archive (zip, rar, targz, tarbz) automatically - a security problem?

More articles: