473,322 Members | 1,398 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Protecting an online file manager system for students

I'm making a a system for my school to allow students to have some online space to store their school files on.

It has a basic upload / create folder / download / delete bit, it also has a 'submit work to teacher bit that copies their file into their teachers folder in the correct year group.

My question is this: I'm not really expecting students to abuse it but you never know, what sort of things should I look out for to stop students buggering around with other students files / the website files? (this system is hosted in the same place as the school website)

It uses a logon / session variables to keep people out, and will eventually have a SSL secure login page - I hope this is enough to protect the system from external attack!

I've made part of the upload section look at the file extension and doesn't allow asp, php and exe files. Are there any other files I should check for (it is a windows server)
I've done this becuase students could upload a page, which if they can find it, could be used to delete important files!

I'm fairly confident that it will be ok but wondered if someone had anything else to consider?

Thank you,

Jon Kemm
Apr 25 '07 #1
1 1478
Hi there,
You probably want to make sure it's protected from SQL injection - and that any data captured is put into variables first. These two activities should filter out the undesirables.
Cheers,
Al.
Oct 25 '10 #2

Sign in to post your reply or Sign up for a free account.

Similar topics

1
by: John Morgan | last post by:
I have an online SQL Server database provided by an ISP. I do not have permission to create a backup device and I understand this is normal practice. I am not using Enterprise Manager to...
7
by: Shawn | last post by:
Hi. I have a folder that contains a lot of different documents. xls, .doc, .pdf etc. Different users have access to different documents. The problem is that if a user knows the name of a...
1
by: Chris Pratt | last post by:
Hi all We are a college and are looking to allow remote file access to students. We want them to log in over the web and the have access to a file manager. So they can download files from their...
9
by: Lucas | last post by:
Hi, I have an ASP.Net application and I'd like to know about how to protect it from Software Piracy. Are there some alternatives to do that? Thanks a lot LucasC
5
by: Pulpet | last post by:
Hello, I wrote some complicated functions (and stored procedures) in database at my work. System administrator (and every db user) can view codes (in Enterprise Manager for eg.). My employer needs...
3
by: Begreen | last post by:
Hi All, I wrote a java program which outputs a xml file! But I would prefer this program to insert the DTD code on the fly, in the xml file when created! I want the xml file to look like...
2
by: Jeff Williams | last post by:
I am developing an application which will allow users (students) to run applications on PC's with elevated rights. This is necessary for some applications which require Administrator rights on the...
3
by: Porkie999 | last post by:
-----------------------------------------------------------------------QUESTION hi i am really stuck with this and its only a small problem. i want to be able to type ......... dsfsjfjsjjfs in...
25
by: doznot | last post by:
Let's say you want to use Moodle to teach an introductory class in PHP programming. Some of the students have little or no computer experience. In addition to background reading and...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.