By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,950 Members | 1,839 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,950 IT Pros & Developers. It's quick & easy.

Protecting an online file manager system for students

P: 6
I'm making a a system for my school to allow students to have some online space to store their school files on.

It has a basic upload / create folder / download / delete bit, it also has a 'submit work to teacher bit that copies their file into their teachers folder in the correct year group.

My question is this: I'm not really expecting students to abuse it but you never know, what sort of things should I look out for to stop students buggering around with other students files / the website files? (this system is hosted in the same place as the school website)

It uses a logon / session variables to keep people out, and will eventually have a SSL secure login page - I hope this is enough to protect the system from external attack!

I've made part of the upload section look at the file extension and doesn't allow asp, php and exe files. Are there any other files I should check for (it is a windows server)
I've done this becuase students could upload a page, which if they can find it, could be used to delete important files!

I'm fairly confident that it will be ok but wondered if someone had anything else to consider?

Thank you,

Jon Kemm
Apr 25 '07 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Hi there,
You probably want to make sure it's protected from SQL injection - and that any data captured is put into variables first. These two activities should filter out the undesirables.
Cheers,
Al.
Oct 25 '10 #2

Post your reply

Sign in to post your reply or Sign up for a free account.