Blocking file types by extension is pointless, as you can just change the file type.
If you're worried about kids being able to run arbitrary python scripts on your network, then the security problem is not the kids, it's your shitty network.
People are given cash as bug bounties for finding security flaws in systems, but in schools they are punished!
>If you're worried about kids being able to run arbitrary python scripts on your network, then the security problem is not the kids, it's your shitty network.
How is this even possible? Unless your CMS runs on python somewhere and does eval() a lot. Then yes, that is a huge problem. Moreover, why would that stop anything just not called .\+\.py?
If your CMS does `python ${fileIjustdownloadedfromuser}` in a shell then we are in serious trouble.
I think it's also a problem when people are rewarded for finding these kinds of bugs that are not actual bugs.
Some bad person vandalised an obscure public Oracle repository on GitHub that's not even for any public product they're known for (OpenGrok). Instead of being banned, the owners restricted public edits. WTF? It's small things like this that end up having the anti-pattern become the norm.
I feel the logic is somewhat similar but injections to websites / applications may be easier and hard to prevent against, so filtering pornography may be useful. I'm a dev not a security expert so sorry for the lack of understanding. I am actually trying to learn more about security / hacking.