MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Disable upload attachments?
Full Version: Disable upload attachments?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

vEconomy

2013-01-02, 01:57 PM
I am trying to prevent all possible ways of SQLi and XSS.

If normal users can upload attachments, can they upload a shell and take down a site?

Paul H.

2013-01-02, 07:08 PM
No, the attachment system is secure and is designed so that people can't execute files the may upload.

Nathan Malcolm

2013-01-02, 07:15 PM
If you really want to prevent all possible ways of your forum being exploited, simply don't run a forum at all. There will always be risks but disabling everything which might, possibly, slightly, have a chance of being vulnerable is overkill.

If shelling a forum was as easy as uploading an attachment, we wouldn't have developed the attachments system in the first place. Just stay up to date with the latest MyBB release and be sensible with what plugins you install.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Disable upload attachments?