Syntactic Confectionery Delight | |
PerlMonks |
Re: security issues for allowing images to be uploaded to the serverby archen (Pilgrim) |
on May 04, 2003 at 00:53 UTC ( [id://255407]=note: print w/replies, xml ) | Need Help?? |
Filenames are something to consider. For instance, allowing something called ../index.html is probably something you don't want. Checking mime types and file extensions is one thing, but consider generating a new file name in the script instead of trusting user input might help security if the file name doesn't matter.
In Section
Seekers of Perl Wisdom
|
|