Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

A list of professionally-useful and safe file types?

I have a system where users can upload, well, anything really - and these files are available to other users.

I need to come up with a list of file types that are genuinely needed by professionals in different industries that are safe from hacking/viruses, etc.

.doc .docx .gif .jpg .jpeg .mpg .mpeg .mp3 .odt .odp .ods .pdf .ppt .pptx .tif .tiff .txt .xls .xlsx .wav

What other file types do you know of that are both useful and safe?

Clarification

Many of the comments and responses are asking for a clearer definition of 'safe from hacking/viruses' - I ask the question with precisely that level of detail because I don't have as sophisticated an understanding of file types and their risks as many of you do, and I would like guidance on 1) any file types that may keep my site more secure, and 2) if there are no 'safe' file types then any advice on how to move forward with a system that allows for flexible uploading and sharing of files.

If indeed any malicious file can be packaged as a seemingly-safe file, how can I protect my users?

like image 853
sscirrus Avatar asked May 10 '11 17:05

sscirrus


3 Answers

No filetype is safe if the program you use to open it with is badly (or carelessly or evil-y) written.

like image 76
James Avatar answered Oct 19 '22 23:10

James


You can't assume that all files with a given extension is safe from 'viruses'.

I can easily rename a malicious executable to .doc and 'hack' your system.

EDIT:

There is no (simple?) way to check whether a user-uploaded file is malicious or not.

The app that you're creating is no different than any other file sharing websites out there (Rapidshare, Megaupload, etc).

There is nothing stopping anyone to upload malicious files to those websites.

like image 22
ryanprayogo Avatar answered Oct 19 '22 23:10

ryanprayogo


Safe files does not exists. The ordinary text file is safe? For example with content:

format c:

if some program can execute a content of the file... you get the idea.

So, here are not safe files - only restrictions to RUN code (programs). (And I understand if this answer does not like.) :)

like image 33
jm666 Avatar answered Oct 20 '22 00:10

jm666