Re: security issues for allowing images to be uploaded to the server


Syntactic Confectionery Delight
	PerlMonks

Re: security issues for allowing images to be uploaded to the server

by archen (Pilgrim)

on May 04, 2003 at 00:53 UTC ( [id://255407]=note: print w/replies, xml )

Need Help??

in reply to security issues for allowing images to be uploaded to the server

Filenames are something to consider. For instance, allowing something called ../index.html is probably something you don't want. Checking mime types and file extensions is one thing, but consider generating a new file name in the script instead of trusting user input might help security if the file name doesn't matter.

Comment on Re: security issues for allowing images to be uploaded to the server

Replies are listed 'Best First'.
Re: Re: security issues for allowing images to be uploaded to the server by jonnyfolk (Vicar) on May 04, 2003 at 16:01 UTC
The way this will be set up, there will be a fixed path to the image file, and the new image will be named by the script, probably by timestamp, so I don't think there is an issue (though I always stand ready to be corrected(:) Thanks, glad you mentioned it ...	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://255407]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others scrutinizing the Monastery: (3)

As of 2024-04-19 05:14 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found