Home › Forums › General Questions › Security issue about uploading
- This topic has 6 replies, 2 voices, and was last updated 1 year, 1 month ago by xiaolllll.
-
AuthorPosts
-
2023-10-27 at 1:10 am #67963xiaolllllParticipant
Hi:
I have got a multi-vendor marketplace using wordpress, for the vendors have their own 3D model products and uploading them, what I concern about is the security issue, e.g. the javascript files. Any suggestion will be appreciated!
thanks a lot!2023-10-27 at 1:28 am #67964xeonCustomerOk so you are worried about security but you’re using WordPress so there’s that and you now want to try and secure JS files. There is no real good answer. You can obfuscate but that can be cracked. You can create encryption but better off changing platforms.
What are you trying to protect? Your code? Your customer data? Transactions?
Xeon
Route 66 Digital
Interactive Solutions - https://www.r66d.com
Tutorials - https://www.xeons3dlab.com2023-10-28 at 8:36 am #67995xiaolllllParticipantHi:
As a platform, the vendors have full control the js files, any behavior exclude the 3D model itsself is not welcomed. I am thinking about is there need to seperate the 3D files to store in another platform…2023-10-28 at 10:11 pm #68021xeonCustomerGLTF files are fully exposed to the end user so there would be no benefit to moving them off any platform. The only security you can have for a model is not create one you dont want to give away for free. Its like an image…once its out there…its there for anyone to copy and use as they want. You can add a copyright to it…or if the content is copyrighted then you have some protection but other than that…nothing you can do to project the models.
Xeon
Route 66 Digital
Interactive Solutions - https://www.r66d.com
Tutorials - https://www.xeons3dlab.com2023-11-02 at 11:44 am #68146xiaolllllParticipantHI:
What I concern about is not the model copyright, but other js files uploaded by the vendors. I am using the woocommerce verge plugin, as now the vendors can even upload php files, but I have done some file extension filter.2023-11-04 at 4:32 am #68205xeonCustomerHi,
Unfortunately, any advice I could give you would probably be incorrect without knowing the complete server structure and security measures that are in place. All I can offer is a sanity check.If you are in control of the market place and the vendors are your customers then you are the one in control of what they can and can not do. If you business model is such that you allow code to be uploaded by the vendors to your server then your platform should be built in such away to securely keep vendors files isolated from the main server code as well as any code of other vendors. Needless to say allowing vendors to upload anything leaves any service extremely vulnerable to all sorts of hacks and attacks.
A typical market place implementation would allow models to be uploaded and permitted html, and css in specific block definitions and anything else would be deleted and in folders setup where execution could not take place. More importantly, it wouldn’t allow uploads of any unauthorized file type.
I would strongly suggest hiring a security hardening firm that specializes in this sort of thing.
Xeon
Route 66 Digital
Interactive Solutions - https://www.r66d.com
Tutorials - https://www.xeons3dlab.com2023-11-07 at 12:34 am #68245xiaolllllParticipantHi:
Thanks a lot for your suggestion, I’ll think about it! -
AuthorPosts
- You must be logged in to reply to this topic.