Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have an application that allows users to upload content to Amazon S3. I was curious if there are certain file types I should be black listing for security reasons?
Would an .exe or any other runnable file be able to compromise my service or user’s personal data?
I would guess there would be no way for any uploaded file to actually run, but I wanted to make sure before uploading the flood gates.
Nothing should be able to compromise your service assuming it is written properly. if your concern is that user’s data will be corrupted while stored on S3, no, that shouldn’t be possible. S3 is basically a network storage device. It can’t execute anything.
Basically, if you treat the files as chunks of data, and never execute or interpret the data in any way, you should be fine. I’d be more worried about the more “standard” ways a web service might be vulnerable.
I should add, just to cover myself, that without knowing the details of what you are doing, it is impossible to answer your question with 100% certainty.