
Security issue about uploading


  • #67963
    xiaolllll
    Participant

    Hi:
    I have a multi-vendor marketplace using WordPress, where the vendors have their own 3D model products and upload them. What I am concerned about is the security issue, e.g. the JavaScript files. Any suggestions will be appreciated!
    Thanks a lot!

    #67964
    xeon
    Customer

    Ok so you are worried about security but you’re using WordPress so there’s that and you now want to try and secure JS files. There is no real good answer. You can obfuscate but that can be cracked. You can create encryption but better off changing platforms.

    What are you trying to protect? Your code? Your customer data? Transactions?

    Xeon
    Route 66 Digital
    Interactive Solutions - https://www.r66d.com
    Tutorials - https://www.xeons3dlab.com

    #67995
    xiaolllll
    Participant

    Hi:
    As a platform, the vendors have full control of the JS files; any behavior other than the 3D model itself is not welcome. I am wondering whether there is a need to separate the 3D files and store them on another platform…

    #68021
    xeon
    Customer

    GLTF files are fully exposed to the end user so there would be no benefit to moving them off any platform. The only security you can have for a model is to not create one you don't want to give away for free. It's like an image…once it's out there…it's there for anyone to copy and use as they want. You can add a copyright to it…or if the content is copyrighted then you have some protection but other than that…nothing you can do to protect the models.

    Xeon
    Route 66 Digital
    Interactive Solutions - https://www.r66d.com
    Tutorials - https://www.xeons3dlab.com

    #68146
    xiaolllll
    Participant

    Hi:
    What I am concerned about is not the model copyright, but other JS files uploaded by the vendors. I am using the WooCommerce verge plugin; as of now the vendors can even upload PHP files, but I have done some file extension filtering.

    #68205
    xeon
    Customer

    Hi,
    Unfortunately, any advice I could give you would probably be incorrect without knowing the complete server structure and security measures that are in place. All I can offer is a sanity check.

    If you are in control of the marketplace and the vendors are your customers then you are the one in control of what they can and cannot do. If your business model is such that you allow code to be uploaded by the vendors to your server then your platform should be built in such a way to securely keep vendors' files isolated from the main server code as well as any code of other vendors. Needless to say, allowing vendors to upload anything leaves any service extremely vulnerable to all sorts of hacks and attacks.

    A typical marketplace implementation would allow models to be uploaded and permitted HTML and CSS in specific block definitions, and anything else would be deleted, and in folders set up where execution could not take place. More importantly, it wouldn’t allow uploads of any unauthorized file type.

    I would strongly suggest hiring a security hardening firm that specializes in this sort of thing.

    Xeon
    Route 66 Digital
    Interactive Solutions - https://www.r66d.com
    Tutorials - https://www.xeons3dlab.com
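
Added example, not part of the thread and not code from WordPress or any plugin mentioned in it: a standalone Python check for the "no unauthorized file type" rule in the post above, for a marketplace that accepts only glTF models, validating content as well as the extension. The function name, the allowed extensions, the size cap and the sample bytes are assumptions made for illustration.

```python
import json
import struct
from pathlib import PurePosixPath

ALLOWED_EXT = {"glb", "gltf"}   # assumption: the only model formats accepted
MAX_BYTES = 50 * 1024 * 1024    # assumption: per-file size cap

def validate_model_upload(filename, data):
    """Return (accepted, reason); checks the name and the content, not only the extension."""
    name = PurePosixPath(filename.replace("\\", "/")).name.lower()
    parts = name.split(".")
    # Exactly one extension: rejects "shell.php" and "model.php.glb" alike.
    if len(parts) != 2 or not parts[0] or parts[1] not in ALLOWED_EXT:
        return False, "file name not allowed"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if parts[1] == "glb":
        # GLB header: magic "glTF", uint32 version, uint32 total length (little-endian).
        # Only the 12-byte header is checked here; chunk parsing is left out.
        if len(data) < 12:
            return False, "truncated GLB header"
        magic, version, length = struct.unpack("<4sII", data[:12])
        if magic != b"glTF" or version != 2 or length != len(data):
            return False, "not a GLB container"
        return True, "ok"
    # A .gltf file is JSON and must carry asset.version.
    try:
        doc = json.loads(data.decode("utf-8"))
        doc["asset"]["version"]
    except (ValueError, KeyError, TypeError, RecursionError):
        return False, "not a glTF JSON document"
    # Buffers and images may only be embedded (data:) or plain relative names.
    for section in ("buffers", "images"):
        items = doc.get(section, [])
        if not isinstance(items, list):
            return False, "malformed " + section
        for item in items:
            uri = item.get("uri", "") if isinstance(item, dict) else None
            if not isinstance(uri, str):
                return False, "malformed " + section
            if uri.startswith("data:"):
                continue
            if "://" in uri or uri.startswith("/") or ".." in uri:
                return False, "external or traversing URI in " + section
    return True, "ok"

# Constructed sample inputs (not real models).
SAMPLE_GLB = b"glTF" + struct.pack("<II", 2, 16) + b"\x00" * 4
SAMPLE_GLTF = json.dumps({"asset": {"version": "2.0"}, "buffers": [{"uri": "chair.bin"}]}).encode()
SAMPLE_REMOTE = json.dumps({"asset": {"version": "2.0"}, "images": [{"uri": "https://example.invalid/t.png"}]}).encode()
```

Accepted files would then be stored under a server-generated name in a directory the web server serves as static content only, matching the "folders where execution could not take place" point in the post.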

    #68245
    xiaolllll
    Participant

    Hi:
    Thanks a lot for your suggestion, I’ll think about it!
