There is one thing to keep in mind when uploading files and that's the
security risks in uploading files to the webroot where people can
access them directly.  It's generally recommended to upload files to a
directory outside of the webserver's document root and give them a
unique name, so that the file can't be accessed directly.  Store a
reference in the database as a pointer to the file on the file
system.  Then you can use Cake's Media view to access the file.

This helps prevent people from uploading a malicious file and then
executing it on the server.  On top of that you can do all kinds of
server authentication or even use the ACL to grant proper permissions
to the files.

On Aug 30, 10:51 am, DigitalDude <e.blumsten...@googlemail.com> wrote:
> Hey,
>
> in my first "real" and own project, I want to implement the ability to
> upload files to a user's account. The filetypes I need to be able to
> upload are:
>
> - PDF
> - JPG
> - GIF
> - PNG
> - XLS
> - DOC
> - OpenOffice Documents
> - ZIP
> - RAR
>
> Before I start to implement a file-uploading action, I need to
> consider what are the security-risks of fileuploads in general, and in
> case of any of the listed filetypes above.
>
> What are the dangers of these filetypes, and how can I prevent myself
> and my server from getting in danger?
>
> Regards,
>
> DD
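
The layout described in the reply above, as an added example in plain PHP (not part of the original thread and not CakePHP's own code): the file is stored under a random name outside the document root, a record points to it, and access goes through an ownership check. The storage path, the function names and the in-memory array standing in for the database table are assumptions.

```php
<?php
// Added example in plain PHP; names, paths and the array "table" are assumptions.
define('STORAGE_DIR', sys_get_temp_dir() . '/upload-demo-storage'); // assumed dir outside the docroot

/** Move an upload to a random name in STORAGE_DIR and return its database row. */
function storeUpload(string $tmpPath, string $clientName, int $ownerId, ?callable $mover = null): array
{
    $mover = $mover ?? 'move_uploaded_file'; // real requests: only accepts genuine uploads
    if (!is_dir(STORAGE_DIR) && !mkdir(STORAGE_DIR, 0700, true)) {
        throw new RuntimeException('cannot create storage directory');
    }
    // Random name without extension: nothing client-supplied reaches the path.
    $storedName = bin2hex(random_bytes(16));
    if (!$mover($tmpPath, STORAGE_DIR . '/' . $storedName)) {
        throw new RuntimeException('could not move upload');
    }
    return [
        'owner_id'    => $ownerId,
        'stored_name' => $storedName,
        'client_name' => basename($clientName), // display metadata only
    ];
}

/** Map a record id to a path for its owner; null means answer 403/404. */
function resolveDownload(array $table, int $fileId, int $userId): ?string
{
    $row = $table[$fileId] ?? null;
    if ($row === null || $row['owner_id'] !== $userId) {
        return null;
    }
    // The caller streams this path (e.g. readfile()) as an attachment.
    return STORAGE_DIR . '/' . $row['stored_name'];
}

// Constructed demo: a temp file stands in for $_FILES['file']['tmp_name'].
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, 'constructed sample bytes');
$table = [1 => storeUpload($tmp, 'report.php', 42, 'rename')];

var_dump(resolveDownload($table, 1, 42)); // owner
var_dump(resolveDownload($table, 1, 7));  // different user
var_dump(resolveDownload($table, 2, 42)); // unknown id
```

Because the stored name carries no extension and lives outside the document root, the web server has no URL that maps to the file; the only route to it is the lookup with its permission check.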