Protecting an online file manager system for students

I'm making a system for my school to allow students to have some online space to store their school files on.

It has a basic upload / create folder / download / delete bit; it also has a 'submit work to teacher' bit that copies their file into their teacher's folder in the correct year group.

My question is this: I'm not really expecting students to abuse it but you never know, what sort of things should I look out for to stop students buggering around with other students' files / the website files? (This system is hosted in the same place as the school website.)

It uses a logon / session variables to keep people out, and will eventually have an SSL secure login page - I hope this is enough to protect the system from external attack!

I've made part of the upload section look at the file extension, and it doesn't allow asp, php and exe files. Are there any other files I should check for? (It is a Windows server.)
I've done this because students could upload a page, which if they can find it, could be used to delete important files!

I'm fairly confident that it will be ok but wondered if someone had anything else to consider?

Thank you,

Jon Kemm
Apr 25 '07 #1
Hi there,
You probably want to make sure it's protected from SQL injection - and that any data captured is put into variables first. These two activities should filter out the undesirables.
Oct 25 '10 #2
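
An added sketch, not code from the thread, of the upload check described in the question, written as an allowlist with server-generated stored names, plus a path check for the download and delete actions. Python is used only for illustration; the allowed extensions, the ID format and all function names are assumptions.

```python
import os
import re
import uuid

# Assumed policy for this sketch: an allowlist of document types.
ALLOWED_EXTENSIONS = {".doc", ".docx", ".xls", ".ppt", ".pdf", ".txt", ".jpg", ".png"}
SAFE_STEM = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _-]{0,63}")
SAFE_ID = re.compile(r"[A-Za-z0-9]{1,32}")  # assumed format of the session's student id


def checked_extension(filename):
    """Return the lower-cased extension of an acceptable upload name, else raise."""
    # Windows drops trailing dots and spaces when it creates a file, so a name
    # that passes a string comparison can land on disk with another extension.
    if filename != filename.rstrip(". "):
        raise ValueError("trailing dot or space")
    stem, ext = os.path.splitext(filename)
    # The stem pattern has no dot, slash, backslash, colon or semicolon, which
    # rules out extra extensions, path components and stream syntax.
    if not SAFE_STEM.fullmatch(stem):
        raise ValueError("unsafe characters in name")
    if ext.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file type not on the allowlist")
    return ext.lower()


def resolve_in_area(storage_root, student_id, relative_path):
    """Map a requested path to disk, refusing anything outside the student's folder."""
    if not SAFE_ID.fullmatch(student_id):
        raise ValueError("bad student id")
    area = os.path.realpath(os.path.join(storage_root, student_id))
    target = os.path.realpath(os.path.join(area, relative_path))
    # realpath collapses ".." and follows links, so compare the resolved paths.
    if os.path.commonpath([area, target]) != area:
        raise PermissionError("path escapes the student's folder")
    return target


def new_upload_path(storage_root, student_id, filename):
    """Pick a server-generated name for an upload; the original name is metadata only."""
    ext = checked_extension(filename)
    return resolve_in_area(storage_root, student_id, uuid.uuid4().hex + ext)
```

Pointing `storage_root` at a folder outside the web site's own directory means an uploaded file is never reachable or executed by URL, only through the download handler.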
