WebApp Sec mailing list archives
Re: [WEB SECURITY] [Web Security] File Upload Virus Scanning
From: 0x4150 <0x4150 () gmail com>
Date: Fri, 9 Jul 2010 17:31:37 -0500
Danux, The transfer (up and down) will have to be HTTPS as the file contains sensitive information.
Apart from Content-type header in the response, also make sure to use HTTP instead of HTTPS when sending the file to the end user, this way, there is a change that another security control like IDS/IPS can catch the file while flowing back to the end user through the network.
Robert, Thanks for that awesome explanation! +1 Kudos This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- [Web Security] File Upload Virus Scanning 0x4150 (Jul 09)
- Message not available
- Message not available
- Re: [WEB SECURITY] [Web Security] File Upload Virus Scanning 0x4150 (Jul 09)
- Message not available
- Message not available