A list of professionally useful and safe file types?

Question

A list of professionally useful and safe file types?

I have a system in which users can download, well, anything - and these files are available to other users.

I need to come up with a list of file types that are really necessary for professionals in different industries who are safe from hacking / viruses, etc.

.doc.docx.gif.jpg.jpeg.mpg.mpeg.mp3.odt.odp.ods.pdf.ppt.pptx.tif.tiff.txt.xls.xlsx.wav

What other types of files do you know are they useful and safe?

Explanation

Many comments and answers require a clearer definition of "safe from hacking / viruses." I ask the question with this level of detail, because I don’t have such a complicated understanding of file types and their risks as many of you do, and I would like to be guided by 1) any types of files that can protect my site, and 2) if they are If there are no “safe” file types, then there are any tips on how to move forward with a system that allows you to flexibly upload and share files.

If any malicious file can be packaged as a file that seems safe, how can I protect my users?

+4

security ruby-on-rails file-type whitelist

sscirrus May 10, '11 at 17:54

source share

7 answers

No filetype is safe if the program you use to open it is poorly written (either carelessly or evil-y).

+3

James May 10, '11 at 18:05

source share

For "useful" you need to ask your customers.

There isn’t such a thing for safe, because the file extension is just the part of the file name that gives an offer of that type of file. It does not have to accurately represent the type and is easy to manipulate.

+1

Davy8 May 10 '11 at 18:11

source share

Instead of protection based on file type. I get a third-party version to scan each file on upload. Reject those identified as positive.

+1

Johnno nolan May 10, '11 at 19:41

source share

There are no safe files. Is plain text file safe? For example, with content:

 format c:

if some program can execute the contents of the file ... you get the idea.

So, these are not safe files - only restrictions on the RUN (program) code. (And I understand if this answer is not like.) :)

+1

jm666 May 10, '11 at 22:24

source share

The list is pretty endless! A quick search finds http://filext.com/alphalist.php?extstart=^A

0

meouw May 10, '11 at 17:59

source share

Well, you can include all data files and exclude all executable files / script. One list of executable file extensions is here: http://pcsupport.about.com/od/tipstricks/a/execfileext.htm

You can look at other sources to cover them.

Edit: for the second part of the question regarding sequrity- It would be better if a lot of malware were installed on the server to scan every message - they are intended for this specialized task, use them. In any case, the executable is not professional unless people are looking for jailbroken files.

0

d-live May 10 '11 at 18:26

source share

ryanprayogo · Accepted Answer · 2011-05-10T17:57:29+0000

You cannot assume that all files with a given extension are protected from viruses.

I can easily rename the malicious executable to .doc and “crack” your system.

EDIT:

There is no (simple?) Way to check if a user uploaded file is malicious or not.

The application you create is no different from any other file sharing sites (Rapidshare, Megaupload, etc.).

Nothing prevents anyone from uploading malicious files to these websites.

A list of professionally useful and safe file types?

Explanation

More articles: