Protecting an online file manager system for students

I'm making a system for my school to allow students to have some online space to store their school files on.

It has a basic upload / create folder / download / delete bit, and it also has a 'submit work to teacher' bit that copies their file into their teacher's folder in the correct year group.

My question is this: I'm not really expecting students to abuse it, but you never know. What sort of things should I look out for to stop students buggering around with other students' files / the website files? (This system is hosted in the same place as the school website.)

It uses a logon / session variables to keep people out, and will eventually have an SSL secure login page - I hope this is enough to protect the system from external attack!

I've made part of the upload section look at the file extension, and it doesn't allow asp, php and exe files. Are there any other files I should check for? (It is a Windows server.)
I've done this because students could upload a page which, if they can find it, could be used to delete important files!

I'm fairly confident that it will be ok but wondered if someone had anything else to consider?

Thank you,

Jon Kemm
Apr 25 '07 #1
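
The upload check and the "other students' files" concern from the question above, as an added Python example (not part of the original post and not the poster's code): it accepts only an allowlist of extensions instead of blocking a few, rejects names Windows treats specially, and confines every path to the logged-in student's folder. The extension list, function names and folder layout are assumptions.

```python
import ntpath
import os
import re

# Assumed allowlist of schoolwork types; anything not listed is refused.
ALLOWED_EXTENSIONS = {".doc", ".docx", ".pdf", ".txt", ".ppt", ".xls", ".jpg", ".png"}
# Names Windows reserves for devices, whatever extension follows.
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.I)
# Characters that are invalid or special in Windows names (':' covers NTFS streams).
BAD_CHARS = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


def safe_upload_name(client_name):
    """Return a safe file name for an upload, or None if it must be rejected."""
    # Browsers may send a full client path; keep only the last component.
    name = ntpath.basename(client_name.replace("/", "\\"))
    if not name or BAD_CHARS.search(name) or RESERVED.match(name):
        return None
    # Windows strips trailing dots and spaces, so "x.asp." is stored as "x.asp".
    if name != name.rstrip(". ") or name.startswith("."):
        return None
    stem, ext = os.path.splitext(name)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return None
    # Strict choice: refuse a second extension hidden in the stem ("notes.php.txt").
    if "." in stem:
        return None
    return name


def resolve_in_home(storage_root, student_id, relative_path):
    """Map a user-supplied path to an absolute path inside the student's folder.

    student_id must come from the server-side session, never from the request.
    """
    home = os.path.realpath(os.path.join(storage_root, student_id))
    target = os.path.realpath(os.path.join(home, relative_path.replace("\\", "/")))
    try:
        inside = os.path.commonpath([home, target]) == home
    except ValueError:  # raised on Windows when the paths are on different drives
        inside = False
    if not inside:
        raise PermissionError("path escapes the student's folder")
    return target
```

Keeping the storage root outside the web site's folder means an uploaded file is never served or executed directly, so a missed extension does not become a runnable page.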
Hi there,
You probably want to make sure it's protected from SQL injection - and that any data captured is put into variables first. These two activities should filter out the undesirables.
Cheers,
Al.
Oct 25 '10 #2
