Question-and-Answer Resource for the Building Energy Modeling Community
Get started with the Help page
Ask Your Question

Revision history [back]

Can we add more allowable file types such as IDF, CSV, etc.?

Currently if we try to upload a file type which is not a standard image file I get the following error.

image description

It would be useful to be able to upload IDF files, as well as other file types such as EnergyPlus outputs, OSM files, etc.

It's currently possible to upload an IDF (or any other file type) by changing the extension it, e.g. <my_file_name>.idf becomes <my_file_name>.jpg, which seems to negate any security benefits of not allowing arbitrary file uploads (while also providing a hacky workaround).

Example:
C:\fakepath\IDF.jpg - right-click and save as IDF.idf.

I see two things that could happen:

  1. Fix the renamed file workaround by actually checking filetype rather than trusting the extension, and provide/recommend some other standard way of sharing files

  2. Allow arbitrary file uploads - up to a size limit? - disallow executables? - and warn downloaders that they are download at their own risk (as with any other file on the internet)

I'm sure there are other options but I wanted to get the idea out there.

Can we add more allowable file types such as IDF, CSV, etc.?

Currently if we try to upload a file type which is not a standard image file I get the following error.

image description

It would be useful to be able to upload IDF files, as well as other file types such as EnergyPlus outputs, OSM files, etc.

It's currently possible to upload an IDF (or any other file type) by changing the extension it, e.g. <my_file_name>.idf becomes <my_file_name>.jpg, which seems to negate any security benefits of not allowing blocking arbitrary file uploads (while also providing a hacky workaround).

Example:
C:\fakepath\IDF.jpg - right-click and save as IDF.idf.

I see two things that could happen:

  1. Fix the renamed file workaround by actually checking filetype rather than trusting the extension, and provide/recommend some other standard way of sharing files

  2. Allow arbitrary file uploads - up to a size limit? - disallow executables? - and warn downloaders that they are download downloaded at their own risk (as with any other file on the internet)

I'm sure there are other options but I wanted to get the idea out there.

Can we add allow more allowable file types to be uploaded, such as IDF, CSV, etc.?

Currently if we try to upload a file type which is not a standard image file I get the following error.

image description

It would be useful to be able to upload IDF files, as well as other file types such as EnergyPlus outputs, OSM files, etc.

It's currently possible to upload an IDF (or any other file type) by changing the extension it, e.g. <my_file_name>.idf becomes <my_file_name>.jpg, which seems to negate any security benefits of blocking arbitrary file uploads (while also providing a hacky workaround).

Example:
C:\fakepath\IDF.jpg - right-click and save as IDF.idf.

I see two things that could happen:

  1. Fix the renamed file workaround by actually checking filetype rather than trusting the extension, and provide/recommend some other standard way of sharing files

  2. Allow arbitrary file uploads - up to a size limit? - disallow executables? - and warn downloaders that they are downloaded at their own risk (as with any other file on the internet)

I'm sure there are other options but I wanted to get the idea out there.

Can we allow more file types to be uploaded, such as IDF, CSV, etc.?

Currently if we try to upload a file type which is not a standard image file I get the following error.

image description

It would be useful to be able to upload IDF files, as well as other file types such as EnergyPlus outputs, OSM files, etc.

It's currently possible to upload an IDF (or any other file type) by changing the extension it, e.g. <my_file_name>.idf becomes <my_file_name>.jpg, which seems to negate any security benefits of blocking arbitrary file uploads (while also providing a hacky workaround).

Example:
C:\fakepath\IDF.jpg - right-click and save as IDF.idf.

I see two things that could happen:

  1. Fix the renamed file workaround by actually checking filetype (with file on Linux or TrID on Windows) rather than trusting the extension, and provide/recommend some other standard way of sharing files

  2. Allow arbitrary file uploads - up to a size limit? - disallow executables? - and warn downloaders that they are downloaded at their own risk (as with any other file on the internet)

I'm sure there are other options but I wanted to get the idea out there.

Can we allow more file types to be uploaded, such as IDF, CSV, etc.?

Currently if we I try to upload a file type which is not a standard image file I get the following error.

image description

It would be useful to be able to upload IDF files, as well as other file types such as EnergyPlus outputs, OSM files, etc.

It's currently possible to upload an IDF (or any other file type) by changing the extension it, e.g. <my_file_name>.idf becomes <my_file_name>.jpg, which seems to negate any security benefits of blocking arbitrary file uploads (while also providing a hacky workaround).

Example:
C:\fakepath\IDF.jpg - right-click and save as IDF.idf.

I see two things that could happen:

  1. Fix the renamed file workaround by actually checking filetype (with file on Linux or TrID on Windows) rather than trusting the extension, and provide/recommend some other standard way of sharing files

  2. Allow arbitrary file uploads - up to a size limit? - disallow executables? - and warn downloaders that they are downloaded at their own risk (as with any other file on the internet)

I'm sure there are other options but I wanted to get the idea out there.

click to hide/show revision 6
retagged

updated 2015-11-07 14:11:05 -0500

__AmirRoth__'s avatar

Can we allow more file types to be uploaded, such as IDF, CSV, etc.?

Currently if I try to upload a file type which is not a standard image file I get the following error.

image description

It would be useful to be able to upload IDF files, as well as other file types such as EnergyPlus outputs, OSM files, etc.

It's currently possible to upload an IDF (or any other file type) by changing the extension it, e.g. <my_file_name>.idf becomes <my_file_name>.jpg, which seems to negate any security benefits of blocking arbitrary file uploads (while also providing a hacky workaround).

Example:
C:\fakepath\IDF.jpg - right-click and save as IDF.idf.

I see two things that could happen:

  1. Fix the renamed file workaround by actually checking filetype (with file on Linux or TrID on Windows) rather than trusting the extension, and provide/recommend some other standard way of sharing files

  2. Allow arbitrary file uploads - up to a size limit? - disallow executables? - and warn downloaders that they are downloaded at their own risk (as with any other file on the internet)

I'm sure there are other options but I wanted to get the idea out there.

About | Help | Privacy | Legal | Contact
Site design and logo: Copyright © 2015 Big Ladder Software LLC. All rights reserved.
The Unmet Hours and Big Ladder names and logos are trademarks of Big Ladder Software LLC.
User contributions licensed under the Creative Commons Attribution Share Alike 3.0 License.
Powered by