Newbies, don’t upload exploits with your images!
July 20th, 2007 by Sarah KingManuel Lemos from phpClasses.org has written an excellent post about about the risks when allowing users to upload images. It’s not something I’ve done alot but lets say you have a generated image such as this one – with a .php extension. I could upload it to your server and have it served from there – not much use to me because it would fail to update.
The next guy, however, might be uploading a malicious script that might take over your server, send spam etc.
Read his post here: PHP security exploit with GIF images
Secure File Locations
May 13th, 2005 by Sarah KingSomething that off-the-shelf scripts tend to neglect is saving your files in a secure location. Not all the files, necessarily. Just the valuable ones with things like your database username and password. The files that really matter. Read the rest of this entry »
