Posts Tagged ‘security’

Newbies, don’t upload exploits with your images!

July 20th, 2007 by Sarah King

Manuel Lemos from phpClasses.org has written an excellent post about about the risks when allowing users to upload images. It’s not something I’ve done alot but lets say you have a generated image such as this one – with a .php extension. I could upload it to your server and have it served from there – not much use to me because it would fail to update.

The next guy, however, might be uploading a malicious script that might take over your server, send spam etc.

Read his post here: PHP security exploit with GIF images

Secure File Locations

May 13th, 2005 by Sarah King

Something that off-the-shelf scripts tend to neglect is saving your files in a secure location. Not all the files, necessarily. Just the valuable ones with things like your database username and password. The files that really matter. Read the rest of this entry »