Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: security issues for allowing images to be uploaded to the server

by archen (Pilgrim)
on May 04, 2003 at 00:53 UTC ( #255407=note: print w/ replies, xml ) Need Help??


in reply to security issues for allowing images to be uploaded to the server

Filenames are something to consider. For instance, allowing something called ../index.html is probably something you don't want. Checking mime types and file extensions is one thing, but consider generating a new file name in the script instead of trusting user input might help security if the file name doesn't matter.
  • Comment on Re: security issues for allowing images to be uploaded to the server

Replies are listed 'Best First'.
Re: Re: security issues for allowing images to be uploaded to the server
by jonnyfolk (Vicar) on May 04, 2003 at 16:01 UTC
    The way this will be set up, there will be a fixed path to the image file, and the new image will be named by the script, probably by timestamp, so I don't think there is an issue (though I always stand ready to be corrected(:) Thanks, glad you mentioned it ...

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://255407]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2016-06-27 02:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My preferred method of making French fries (chips) is in a ...











    Results (335 votes). Check out past polls.