Do you know where your variables are? | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
I think your computer sucks if it is running code inside of images, whether it is virus code or not. We already ensure that uploads are always tagged as non-executable. That should be enough. I could imagine a version of MS IE being so broken as to notice that a data stream tagged as "image/gif" actually is the data from an MS Word document containing a macro virus, for example. But I think even they've been burned enough and this would be such a blatant securiy hole, that I'm not worried about it happening (and even if it did, I wouldn't care if an exploit got uploaded -- the blame would be all on the idiots who decided to *run* *data*). Update: Ah, buffer overruns. *sigh* I consider virus scanners the wrong solution to just about any problem. At level 5, the risk seems quite slim. I still vote 'no'. Now, an efficient image format validator would be a better solution here (so long as it doesn't have a buffer overrun bug in it...). - tye In reply to Re: virus scanning uploaded images
by tye
|
|