PerlMonks  

Re: security issues for allowing images to be uploaded to the server

by archen (Pilgrim)
on May 04, 2003 at 00:53 UTC


in reply to security issues for allowing images to be uploaded to the server

Filenames are something to consider. For instance, allowing something called ../index.html is probably something you don't want. Checking MIME types and file extensions is one thing, but generating a new file name in the script instead of trusting user input might help security if the file name doesn't matter.


Re: Re: security issues for allowing images to be uploaded to the server
by jonnyfolk (Vicar) on May 04, 2003 at 16:01 UTC
    The way this will be set up, there will be a fixed path to the image file, and the new image will be named by the script, probably by timestamp, so I don't think there is an issue (though I always stand ready to be corrected(:) Thanks, glad you mentioned it ...
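
The approach discussed in this thread, as an added example that is not part of either post and not the original poster's script: the stored name is built entirely by the script, the extension comes from the file's leading bytes rather than from the client, and the file is created with O_EXCL so a name collision can never overwrite an existing image. The names `store_upload` and `ext_for`, the magic-byte table, the retry count and the temporary directory are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempdir);

# Leading magic bytes for the image types accepted here, mapped to the
# extension the script assigns itself (assumed whitelist).
my @MAGIC = (
    [ "\x89PNG\r\n\x1a\n", 'png' ],
    [ "\xFF\xD8\xFF",      'jpg' ],
    [ "GIF87a",            'gif' ],
    [ "GIF89a",            'gif' ],
);

sub ext_for {
    my ($data) = @_;
    for my $m (@MAGIC) {
        return $m->[1] if index($data, $m->[0]) == 0;
    }
    return;    # not an accepted image type
}

# Store $data under the fixed directory $dir with a script-generated name.
# The client's file name is never used to build the path.
sub store_upload {
    my ($dir, $data) = @_;
    my $ext = ext_for($data) or die "rejected: not a PNG, JPEG or GIF\n";
    for (1 .. 10) {
        my $name = sprintf '%d-%06d.%s', time, int(rand 1_000_000), $ext;
        my $path = File::Spec->catfile($dir, $name);
        # O_EXCL makes the create fail instead of overwriting an existing file.
        sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0644) or next;
        binmode $fh;
        print {$fh} $data or die "write failed: $!\n";
        close $fh or die "close failed: $!\n";
        return $path;
    }
    die "could not create a unique file name\n";
}

# Constructed sample input: a hostile client file name and a minimal PNG header.
my $client_name = '../index.html';
my $dir  = tempdir(CLEANUP => 1);
my $path = store_upload($dir, "\x89PNG\r\n\x1a\n" . "constructed sample body");
print "client name $client_name ignored; stored as $path\n";
print "HTML upload: ", (eval { store_upload($dir, "<html>"); 1 } ? "stored\n" : "refused: $@");
```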
