Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: security issues for allowing images to be uploaded to the server

by archen (Pilgrim)
on May 04, 2003 at 00:53 UTC ( #255407=note: print w/ replies, xml ) Need Help??


in reply to security issues for allowing images to be uploaded to the server

Filenames are something to consider. For instance, allowing something called ../index.html is probably something you don't want. Checking mime types and file extensions is one thing, but consider generating a new file name in the script instead of trusting user input might help security if the file name doesn't matter.


Comment on Re: security issues for allowing images to be uploaded to the server
Re: Re: security issues for allowing images to be uploaded to the server
by jonnyfolk (Vicar) on May 04, 2003 at 16:01 UTC
    The way this will be set up, there will be a fixed path to the image file, and the new image will be named by the script, probably by timestamp, so I don't think there is an issue (though I always stand ready to be corrected(:) Thanks, glad you mentioned it ...

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://255407]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (15)
As of 2014-10-21 17:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (106 votes), past polls