So I did some research on checking an uploaded pdf for viruses and I found these 2 solutions:
Save the file to the hard disk, let the antivirus quarantine/delete it if it was infected, then check if the file still exists on the disk.
Use an antivirus that supports calling it through .net and scan the file
What I am thinking instead is to read the uploaded pdf file stream using something like iTextSharp then writing a new file but after stripping any macros.
One of the benefits would be making sure that the uploaded file is a pdf since it will be parsed by the iTextSharp, but would it also protect it from viruses?
Related
I am having hard time figuring out how to get the file InputStream from file upload Post request to server, before it gets completely loaded into memory.
This is not problematic for smaller files, but I am worried what happens after trying to upload a larger file (1 or more GB). I found a possible solution with using HttpContext.Request.GetBufferlessInputStream(true), but this stream includes the whole request not just the uploading file and if I use it to upload a file for example into the Azure Blob Storage or anywhere else I end up with the corrupted file. I also lose all the information about the file (file name, size, etc.).
Is there any convenient way of uploading a large file to server without filling its memory? I would like to get the stream and then use it to upload a file anywhere in chunks.
Thank you.
I used DevExpress UploadControl for a similar task. It supports large file upload by chunks. A temporary file is saved on a server hard drive and you can get it using FileSteam without full loading in server memory. It also supports direct upload to Azure, Amazon and Dropbox.
The same is true for their MVC Upload control.
We have a legacy ASP.NET application that allows users to export the contents of a GridView control to Excel. This was achieved using this technique.
Recently, users have complained that they are unable to open their downloaded files in Excel. I tried it myself and discovered that Windows was blocking the downloaded file, preventing Excel from opening it.
It looks like Windows now regards XLS files that have been created from web page content as suspect. Is this the result of a recent Windows update? And is this technique of creating Excel files from web pages not recommended?
Correct, recent updates have broken this behavior (thanks to Nikki9696 for the article).
There are three workarounds listed:
Stop using HTML files masquerading as XLS
Unblock access to individual files (client side solution)
or add the source of the files to the Trusted Locations list in Excel (client side solution)
The best thing to do is #1. You should not be serving files with one data type as another file type. It's always generated a warning for users. Many Office clients that otherwise know how to open XLS files (such as Office for iPad) will choke when presented with an HTML file masquerading as XLS.
Instead, use a library to generate a modern XLSX file (which can be opened by Office 2003 and newer). There are several solutions such as EPPlus, NPOI, and Open XML SDK.
In the future, be careful to use supported solutions rather than cobbling together a hack like serving a file with the wrong extension.
I'm developing an application using Adobe Flex 4.5 SDK, in which the user would be able to export multiple files bundled in one zip file. I was thinking that I must need to take the following steps in order for performing this task:
Create a temporary folder on the server for the user who requested the download. Since it is an anonymous type of user, I have to read Sate/Session information to identify the user.
Copy all the requested files into the temporary folder on the server
Zip the copied file
Download the zip file from the server to the client machine
I was wondering if anybody knows any best-practice/sample-code for the task
Thanks
The ByteArray class has some methods for compressing, but this is more for data transport, not for packaging up multiple files.
I don't like saying things are impossible, but I will say that this should be done on the server-side. Depending on your server architecture I would suggest sending the binary files to a server script which could package the files for you.
A quick google search for your preferred server-side language and zipping files should give you some sample scripts to get you started.
In my application,user can upload some doc files to the server,and I want user who do not install ms office can read these documents,so I want to convert the .doc to html and then save the html(binary stream) to oracle db.
I wonder if there is a best pratice to implement this?
Someone tell me to use the com object provoided by the office assembly,it seems that it will transfer the .doc file to a .html file,so I have to save the .html file to db and delete the temp .html file,I want to know if I can save it in db directly?
You might need to give everyone a bit more information...
I assume you're using a server side technology? Which one?
What database are you using?
The chances are if the COM object is writing it to a file, you will - like you say, just need to copy that into the DB, and delete the temp file.
IMHO - There should be nothing wrong with saving to temp file and outputting that to DB (if you could save to memory that would be even better!)
I'm working on an asp.net /c# app
I need my app to allow users to upload .XLS files (located on the user machine).
How can i read data from the .XLS file but without saving the file on server?
tks
In order to be able to do something with the file on the server (eg using ASP.net ) you will have to at least temporarily save the file on the server. Although an apache module might let you interupt the stream as it is uploaded, but thats probably a bit ott.
There MAY be something you could do in Javascript but I doubt it.
An idea would be to parse .csv files, if it possible. I can send example.
Also you can parse .XLS files through interop excel dll. But it very slow method.