[UPHPU] Safe File Upload
Justin Giboney
giboney at giboneydesigns.com
Tue Oct 16 13:06:39 MDT 2007
Victor Villa wrote:
>I think before anybody is going to be able to give you accurate advice,
>you're going to need to tell us several things:
>
>1. web server

Apache

>2. OS that's running on the server

Mac 10.4

>3. is file upload for general public or is it for logged in members

Logged in General Public

>4. how trusted are those members

Trusted as much as you can trust the general public

>5. how big of files are you expecting

300px * 500px

>6. what type of files are you expecting

images only (.jpg, .gif, .png)

>Allowing a client to upload files brings several security risks to the
>server and to your other clients. Make sure it is something you truly need.

There are two options...
upload the file (and be able to use it whenever needed)
or
make the user use img tags (trust that the image will stay up, and
protect against other HTML entities)
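
The constraints given in this reply (uploads from logged-in members of the public, images only in .jpg/.gif/.png, 300px * 500px), checked server-side in PHP, as an added example that is not part of the original post. The function names, the width-by-height reading of the size, and the byte cap are assumptions.

```php
<?php
// Added example, not from the thread; all names here are hypothetical.
const MAX_WIDTH  = 300;         // assumption: "300px * 500px" is width x height
const MAX_HEIGHT = 500;
const MAX_BYTES  = 512 * 1024;  // assumption: byte cap, not stated in the thread
// Accepted types, mapped to the extension the server assigns itself.
const ALLOWED = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png'];

// Returns the extension to store under, or null if the file is rejected.
// Type and dimensions come from the file's bytes, never from the
// client-supplied filename or Content-Type.
function check_image(string $path): ?string
{
    $bytes = @filesize($path);
    if ($bytes === false || $bytes === 0 || $bytes > MAX_BYTES) {
        return null;
    }
    $info = @getimagesize($path);  // reads the header; false if not an image
    if ($info === false || !array_key_exists($info[2], ALLOWED)) {
        return null;
    }
    [$width, $height] = $info;
    if ($width < 1 || $height < 1 || $width > MAX_WIDTH || $height > MAX_HEIGHT) {
        return null;
    }
    return ALLOWED[$info[2]];
}

// Server-generated name: nothing the client sent reaches the filesystem.
function storage_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: two minimal GIF headers and PHP source named like an image.
$samples = [
    'ok.gif'    => "GIF89a" . pack('v2', 200, 400) . "\x00\x00\x00;",
    'big.gif'   => "GIF89a" . pack('v2', 1024, 768) . "\x00\x00\x00;",
    'photo.jpg' => "<?php /* constructed sample: not an image */",
];
foreach ($samples as $name => $data) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $data);
    $ext = check_image($tmp);
    echo $name, ' => ', $ext === null ? 'rejected' : 'accepted as ' . storage_name($ext), "\n";
    unlink($tmp);
}
```

In an upload handler the path checked is the upload's `tmp_name`, and an accepted file is stored with `move_uploaded_file()` under the generated name. A valid image header does not rule out extra bytes after it, so the storage directory should be one the web server does not execute scripts from.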