MyBB Community Forums
Disable upload attachments? - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Archived Development and Support (https://community.mybb.com/forum-155.html)
+----- Forum: MyBB 1.6 (https://community.mybb.com/forum-138.html)
+------ Forum: 1.6 Security Management and Support (https://community.mybb.com/forum-153.html)
+------ Thread: Disable upload attachments? (/thread-132007.html)



Disable upload attachments? - vEconomy - 2013-01-02

I am trying to prevent all possible ways of SQLi and XSS.

If normal users can upload attachments, can they upload a shell and take down a site?


RE: Disable upload attachments? - Paul H. - 2013-01-02

No, the attachment system is secure and is designed so that people can't execute files the may upload.


RE: Disable upload attachments? - Nathan Malcolm - 2013-01-02

If you really want to prevent all possible ways of your forum being exploited, simply don't run a forum at all. There will always be risks but disabling everything which might, possibly, slightly, have a chance of being vulnerable is overkill.

If shelling a forum was as easy as uploading an attachment, we wouldn't have developed the attachments system in the first place. Just stay up to date with the latest MyBB release and be sensible with what plugins you install.