Your skill will accomplish what the force of many cannot |
|
PerlMonks |
Re(2) (ichimunki): Security issues when allowing file upload via CGIby dmmiller2k (Chaplain) |
on Dec 06, 2001 at 23:31 UTC ( [id://130038]=note: print w/replies, xml ) | Need Help?? |
Roger that!! Had it not been for Micro$oft's feature-laden behemoths, (and their commensurate security patches, and security-patch patches, and so on, new ones of which seem to be required almost daily), nevermind OS-related issues, there might never have erupted as pervasive an anti-virus cottage industry as we have (which has since become a full-fledged industry). I think you should quarantine uploaded files and run the shell command, file {upload filename} on them to confirm they are what they purport to be.
Update: The expectation here is that before this subroutine is called, a file has already been uploaded (ostensibly one whose name ends in .jpg, .jpeg, or .gif) and "quarantined" -- that is, stored somewhere "safe", out of harm's way -- and that the parameter, $fn, to the sub is the full path to this file. (Thanks, nufsaid, for bringing up the issue of the tainted-ness of $fn) dmm Just call me the Anti-Gates ...
In Section
Seekers of Perl Wisdom
|
|