iTamer.com

Manuel Lemos from phpClasses.org has written an excellent post about about the risks when allowing users to upload images. It’s not something I’ve done alot but lets say you have a generated image such as this one - with a .php extension. I could upload it to your server and have it served from there - not much use to me because it would fail to update.

The next guy, however, might be uploading a malicious script that might take over your server, send spam etc.

Read his post here: PHP security exploit with GIF images

Also on this site

1 Comment »

1. There are many ways to protect against such dangers, keep in mind that an updated server has a better chance of fighting back. Also programming techniques where you should check the mime-type of uploaded file and trash it if it’s not of an acceptable mime-type. Nevertheless, the best way to prevent violations is to make the internet user sign up with their email address and do validate the email by sending a validation link to their mail box and have them click back to your website.

   Comment by Breckenridge — December 19, 2007 @ 4:23 am

Leave a comment

Name (required)

Mail (will not be published) (required)

Website

RSS feed for comments on this post. TrackBack URI