ZIP files as upload file type option
Posted: 2015-02-19 07:14
by peebee
I notice that ZIP is not one of the pre-configured upload file type options in AppGini?
ZIP would be incredibly handy as multiple files could be compressed and added to the one upload field, rather than requiring multiple upload fields.
I know how to include ZIP to AppGini as an approved file type but I was wondering if ZIP files would present any major potential security issue?
I realise malicious file types could be contained in the zip file but these files wouldn't be extracted on the server, just stored and available for download. Would it be possible to extract an uploaded zip file to the server?
In my case, there are no anonymous users and all user access is manually approved, so I have reasonable control over what might be uploaded and by whom.
I've done some reading and see conflicting answers on zip upload security. Does anybody have any comment or know any reason why zip is NOT a good option for file uploads? Thanks.
Re: ZIP files as upload file type option
Posted: 2015-02-20 19:04
by a.gneady
I don't see a direct security threat to the server from allowing zip file uploads, especially if all users are manually approved as in your case. If the PC of one of the users is infected, he might of course unknowingly include some infected files into the zip file being uploaded, thus possibly infecting other users who download it later. You can either warn users to make sure their anti-virus software is up to date, or take the extra step of installing some anti-virus software on your server (ClamAV for example for Linux servers) and run a daily scan of the uploads folder (through a cron job) and remove any malicious uploads.
Re: ZIP files as upload file type option
Posted: 2015-02-23 21:43
by peebee
Thanks Ahmad. Those were my thoughts too. Your opinion is much appreciated.
Re: ZIP files as upload file type option
Posted: 2015-03-14 16:14
by kurtmel
Hi,
While I can understand the concern if this were an "open" system, website where non-vetted users could upload malicious code/viruses in a zip, but in applications like this creates that's rarely the case. My circumstance is a perfect example, I MUST be able to upload zip files, for when packaging e-learning courses using the SCORM standard, packages MUST use the PKZIP 2.4G archive standard, an older zip format, but still standard in most unzipping programs. If I can't get it to allow uploading of ZIP files, then I won't even be able to use AppGini at all. Add to this, each zip file must be unzipped into its own unique directory, either by its file name, a created GUID or an entry field which would allow the uploader to create the directory name which would be written to the DB. Whether a flash-based course or HTML-based, there is a starting file used to start viewing the course, that would also have to be identified through a file browse or other function, so that other users can click a hyperlinked entry and that file would open in a new window so they can review the course, while a child window would open with a ticket or comment window so they can make comments page by page, and once submitted, that record entry would be sent to all other team members assigned to that course so they can address/fix the problem. I bought AppGini due to the clean look of the output using bootstrap, the simplicity of it, and what looked to be a means to extend functionality, but if these extensions prove too difficult, then I'm going to have to go another direction, so I'm hoping I can find the right "hooks" or means to customize the operations for what I need.
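Added example, not part of the post above and not AppGini's own code: one way to do the "unzip into its own unique directory" step in PHP (the language of AppGini's generated applications), checking every entry name and the declared sizes before anything is written to disk. The function name, the limits and the blocked-extension list are assumptions chosen for illustration.

```php
<?php
// Added example (hypothetical helper, not AppGini code): validate an uploaded
// ZIP, then extract it into a new, randomly named directory under $baseDir.
function extract_upload_zip(string $zipPath, string $baseDir,
                            int $maxFiles = 2000,
                            int $maxBytes = 200 * 1024 * 1024): string
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('Not a readable ZIP archive');
    }
    try {
        if ($zip->numFiles > $maxFiles) {
            throw new RuntimeException('Too many entries');
        }
        $total = 0;
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $stat = $zip->statIndex($i);
            if ($stat === false) {
                throw new RuntimeException("Cannot read entry $i");
            }
            $name = str_replace('\\', '/', $stat['name']);
            // Reject absolute paths, drive letters and any ".." path segment,
            // so no entry can be written outside the target directory.
            if ($name === '' || $name[0] === '/' || preg_match('/^[A-Za-z]:/', $name)
                || in_array('..', explode('/', $name), true)) {
                throw new RuntimeException("Unsafe entry name: $name");
            }
            // Reject files the web server could execute or treat as
            // configuration if the directory is served over HTTP.
            if (preg_match('/(\.(php\d?|phtml|phar|cgi)|\.htaccess)$/i', $name)) {
                throw new RuntimeException("Blocked file type: $name");
            }
            // Sum the declared uncompressed sizes to cap total disk usage.
            $total += $stat['size'];
            if ($total > $maxBytes) {
                throw new RuntimeException('Archive expands beyond the size limit');
            }
        }
        // 128 random bits as the directory name (stands in for the GUID).
        $target = rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16));
        if (!mkdir($target, 0750)) {
            throw new RuntimeException('Cannot create target directory');
        }
        if (!$zip->extractTo($target)) {
            throw new RuntimeException('Extraction failed');
        }
        return $target; // store this path in the database record
    } finally {
        $zip->close();
    }
}
```

The returned path is what would be stored in the record so the course's starting file can be linked from it.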
Re: ZIP files as upload file type option
Posted: 2015-03-16 22:17
by peebee
To add zip as an approved file type for upload fields in AppGini, simply edit the "filesTypes.cfg" file in your AppGini program (that's the program itself, not the generated AppGini files) and add zip as an option.
This will of course only add zip to any future generated AppGini project files.
You will typically find filesTypes.cfg located in C:\Program Files (x86)\AppGini\add-ons\fileTypes.cfg on a default installation. Otherwise, it will be in whatever folder you installed AppGini to.
The file looks like this:
csv|xls|xlsx|xlsm|ods
txt|doc|docx|docm|odt|pdf|rtf
mov|avi|swf|asf|wmv|mpg|mpeg
mp3|wav|mid|midi|wma
Just edit and save it to:
csv|xls|xlsx|xlsm|ods
txt|doc|docx|docm|odt|pdf|rtf|zip
mov|avi|swf|asf|wmv|mpg|mpeg
mp3|wav|mid|midi|wma
You can also edit existing generated AppGini files to include zip without regenerating the files by opening the tablename.dml file and find/replace all instances of 'txt|doc|docx|docm|odt|pdf|rtf' with 'txt|doc|docx|docm|odt|pdf|rtf|zip'.
As for the rest of your wish list - sounds pretty complicated to me but I'm sure where there's a will, there's a way. Good luck.