I have a system where users can upload, well, anything really - and these files are available to other users.
I need to come up with a list of file types that are genuinely needed by professionals in different industries that are safe from hacking/viruses, etc.
.doc .docx .gif .jpg .jpeg .mpg .mpeg .mp3 .odt .odp .ods .pdf .ppt .pptx .tif .tiff .txt .xls .xlsx .wav
What other file types do you know of that are both useful and safe?
Clarification
Many of the comments and responses are asking for a clearer definition of 'safe from hacking/viruses' - I ask the question with precisely that level of detail because I don't have as sophisticated an understanding of file types and their risks as many of you do, and I would like guidance on 1) any file types that may keep my site more secure, and 2) if there are no 'safe' file types then any advice on how to move forward with a system that allows for flexible uploading and sharing of files.
If indeed any malicious file can be packaged as a seemingly-safe file, 开发者_高级运维how can I protect my users?
No filetype is safe if the program you use to open it with is badly (or carelessly or evil-y) written.
You can't assume that all files with a given extension is safe from 'viruses'.
I can easily rename a malicious executable to .doc and 'hack' your system.
EDIT:
There is no (simple?) way to check whether a user-uploaded file is malicious or not.
The app that you're creating is no different than any other file sharing websites out there (Rapidshare, Megaupload, etc).
There is nothing stopping anyone to upload malicious files to those websites.
Safe files does not exists. The ordinary text file is safe? For example with content:
format c:
if some program can execute a content of the file... you get the idea.
So, here are not safe files - only restrictions to RUN code (programs). (And I understand if this answer does not like.) :)
For "useful" you'll need to ask your customers.
For safe, there's no such thing because a file extension is just a part of the file name that gives a suggestion of what type of file it is. It need not accurately represent the type, and is easily manipulated.
Rather than protecting based on file type. I would get a 3rd party to virus scan each file on upload. Reject those which are identified as positive.
The list is pretty endless! A quick search finds http://filext.com/alphalist.php?extstart=^A
Well you can include all data files and exlude all executable/script files. One list of executable file extensions is here: http://pcsupport.about.com/od/tipstricks/a/execfileext.htm
you may look other sources to inprove coverage.
Edit: for second part of the question addressing sequrity- It would be best to have bunch of anti malware software installed on the server to check each sumbission - they are designed for this specialized task, use them. Anyways no executable file is professionaly useful as long as people are not looking for crackware.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论