|P is for Practical|
security: making sure graphics uploaded by users are safeby keiusui (Monk)
|on Sep 30, 2009 at 00:42 UTC||Need Help??|
keiusui has asked for the
wisdom of the Perl Monks concerning the following question:
I have written a Perl script for a website. The script accepts an image submitted by the user. The image is then displayed on the user's profile.
Clearly, there are security issues when accepting an image from a user. Here are some of the precautions I have taken:
My concern is that, even with all those precautions, someone could still embed a virus in the image. How do I prevent this from happening? Should I use a module like Image::Magick to write a new image altogether? Do I need to run a virus check on each submitted image?
Also, are there any other security precautions that I need to take in regards to accepting a user-submitted image?
Thank you so much for your time and help.