in reply to image upload security issues

You could write a Perl script that verifies the uploaded files are actually image files and sets permissions on them if they pass or deletes them if they fail. You don't need to give 777 access to the upload directory at all, just make sure that whatever user is running your CGI scripts has read/write permission (6) to the directory.

Just out of curiosity, why don't you want the images to be stored in the database as BLOBs?

- - arden.
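A sketch of the kind of script suggested above, added here as an example and not code from the thread: it checks each uploaded file's leading bytes against JPEG, PNG and GIF signatures, then sets permissions on files that pass and deletes the rest. The accepted formats, the 0644 mode and the directory argument are assumptions, and a signature match only shows that the file starts like an image, not that the whole file is well formed.

```perl
#!/usr/bin/perl
# Added example: keep uploads whose leading bytes match a known image
# signature, delete everything else.
use strict;
use warnings;

# Upload directory is passed on the command line (assumption).
my $upload_dir = shift @ARGV or die "usage: $0 UPLOAD_DIR\n";

# Leading-byte signatures for the accepted formats (assumed set).
my %signature = (
    jpeg => qr/\A\xFF\xD8\xFF/,
    png  => qr/\A\x89PNG\x0D\x0A\x1A\x0A/,
    gif  => qr/\AGIF8[79]a/,
);

# Return the detected type, or nothing if the file is not a recognised image.
sub image_type {
    my ($path) = @_;
    return if -l $path or not -f $path;      # symlinks and non-files never pass
    open my $fh, '<:raw', $path or return;   # raw mode: compare bytes, not characters
    my $n = read $fh, my $head, 8;
    close $fh;
    return unless $n;                        # empty or unreadable file
    for my $type (sort keys %signature) {
        return $type if $head =~ $signature{$type};
    }
    return;
}

opendir my $dh, $upload_dir or die "Cannot open $upload_dir: $!";
for my $name (readdir $dh) {
    next if $name eq '.' or $name eq '..';
    my $path = "$upload_dir/$name";
    next if -d $path;                        # leave subdirectories alone
    if (my $type = image_type($path)) {
        # Passed: owner read/write, others read-only, never executable.
        chmod 0644, $path or warn "chmod failed for $path: $!";
        print "kept $name ($type)\n";
    } else {
        # Failed: remove it so it can never be served or executed.
        unlink $path or warn "unlink failed for $path: $!";
        print "deleted $name\n";
    }
}
closedir $dh;
```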

Re: Re: image upload security issues
by ok (Beadle) on Mar 10, 2004 at 15:37 UTC

    Just out of curiosity, why don't you want the images to be stored in the database as BLOBs?

    Purely practical: my hosting company makes a distinction between "disk space" and "database space." I get a LOT more "disk space."