RE: RE: RE: RE: Re: File Upload Security Question

Well, I can skip binmode as the scripts are running on a Linux box. I'm not sure what you mean by issuing the correct Content-Type. Are you meaning that I need to do that if I serve it from the database? By saving the file directly to a Web-accessible directory, I thought the server would handle that when the users clicked on a link to the file.

Which raises another question: How do I determine the content-type of an uploaded file? Obviously it's not a simple case of checking the extension (since Macs don't use them).

Comment on RE: RE: RE: RE: Re: File Upload Security Question

Replies are listed 'Best First'.
RE: RE: RE: RE: RE: Re: File Upload Security Question by btrott (Parson) on Jun 12, 2000 at 07:43 UTC
`> I'm not sure what you mean by issuing the correct > Content-Type. Are you meaning that I need to do that > if I serve it from the database? By saving the file > directly to a Web-accessible directory, I thought the > server would handle that when the users clicked on > a link to the file.` [download] No... if you let the webserver handle the file, you should have no problems so long as your mime types are configured properly. I meant if you put the files in a non-web-accessible directory and handled pushing out the files yourself.	[reply] [d/l]

Replies are listed 'Best First'.

RE: RE: RE: RE: RE: Re: File Upload Security Question
by btrott (Parson) on Jun 12, 2000 at 07:43 UTC

    > I'm not sure what you mean by issuing the correct
    > Content-Type. Are you meaning that I need to do that
    > if I serve it from the database? By saving the file
    > directly to a Web-accessible directory, I thought the
    > server would handle that when the users clicked on
    > a link to the file.
[download]

[reply]
[d/l]