Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

ASP.NET - Concerned about File upload security

Avatar of GlobaLevel
GlobaLevelFlag for United States of America asked on
SecurityVulnerabilitiesASP.NET
3 Comments1 Solution347 ViewsLast Modified:
I am using the following code to upload files ...but I am concerned about security in the sense that its available to the public and I want to be sure only certain extentions can be user...txt or .csv...they are upload address info..but if a hacker comes along...they could upload a file that take over the system..any code to protect ..ideas?

FYI..the whole site has SSL on it..if that makes a difference...
<html>
<head>

    <script language="VB" runat="server">
    
    Sub Button1_Click(sender As Object, e As EventArgs)
        
        if FileUpLoad1.HasFile
            'Uncomment this line to Save the uploaded file
            'FileUpLoad1.SaveAs("C:\SomePhysicalPath" & FileUpLoad1.Filename)
            Label1.Text = "Received " & FileUpLoad1.FileName & " Content Type " & FileUpLoad1.PostedFile.ContentType & " Length " & FileUpLoad1.PostedFile.ContentLength
        else
            Label1.Text = "No uploaded file"
        end if    
        
    end sub
        
    </script>

</head>
<body>

    <h3><font face="Verdana">File Upload</font></h3>

    <form runat=server>

        <asp:FileUpLoad id="FileUpLoad1" AlternateText="You cannot upload files" runat="server" />
        <asp:Button id="Button1" Text="Upload" OnClick="Button1_Click" runat="server" />
        <asp:Label id="Label1" runat="server" />
    </form>

</body>
</html>
ASKER CERTIFIED SOLUTION
Avatar of Jerry Miller
Jerry MillerFlag of United States of America image

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 3 Comments.
See Answers