Educause Security Discussion mailing list archives
Re: uploading application content to CMS system
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 6 Nov 2008 13:26:45 +1300
On 5/11/2008, at 11:24 AM, Russell Fulton wrote:
Hi folks we are using Jahia to implement a new Content Management System for our major web presence. And, unsurprisingly, departments want to upload all sorts of application content -- from word docs to flash movies -- some of this content may come from students. We intend scanning all content that isn't straight html for malware before accepting it, does anyone have any other suggestions for mitigating the risk of accepting malicious content.
From my colleague Bojan Zdrnja who is currently in Europe: Use a Flash decompiler, if possible, and scan for embedded URLs. This would depend on the purpose of the upload form but this what imageshack.us uses to detect Flash movies uploaded by spammers. Russell
Current thread:
- uploading application content to CMS system Russell Fulton (Nov 04)
- <Possible follow-ups>
- Re: uploading application content to CMS system Russell Fulton (Nov 05)