Does “File Upload” create a security vulnerability?

  • Resolved jlehrer

    (@jlehrer)


    7 years, 6 months ago

    My client asks: does the File Upload component create the ability for someone to upload malicious content to our site? Can I reassure him that this is not possible?

    • This topic was modified 7 years, 6 months ago by jlehrer.
Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi there. The Pro version has this feature. In theory any user with access to your form that uploads any files that are permitted from the Upload fields settings. With that being said, there are settings that can resist the Upload to only accept .jpg files and such.
    Feel free to give it a go. You can find our demo site below.
    https://demo.vfbpro.com/

    Thanks!
    Shane
    VFB

    Thread Starter jlehrer

    (@jlehrer)

    Shane, many thanks for your response, but I don’t quite understand. Are you saying the Pro version has more security than the free version? Where is this explained on your website? Is the File Upload function on the Pro version different from the free version?

    Thanks, much!

    No problem, glad I could help. Both the free and the Pro version will have the same security measures for the upload fields. At least with the Pro version you have hooks to change the directory that the uploads are placed in, but on both you can restrict what gets uploaded.

    Thanks!
    Shane
    VFB

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Does “File Upload” create a security vulnerability?’ is closed to new replies.