Yeah, but that's pretty pointless if you're just uploading images. But yes, what you said would be the ideal situation if you want to do a download system, or supply files to users.

On Aug 31, 4:56 am, Stinkbug <justink...@gmail.com> wrote:
> There is one thing to keep in mind when uploading files and that's the
> security risks in uploading files to the webroot where people can
> access them directly. It's generally recommended to upload files to a
> directory outside of the web server's document root and give them a
> unique name, so that the file can't be accessed directly. Store a
> reference in the database as a pointer to the file on the file
> system. Then you can use Cake's Media view to access the file.
>
> This helps prevent people from uploading a malicious file and then
> executing it on the server. On top of that you can do all kinds of
> server authentication or even use the ACL to grant proper permissions
> to the files.
>
> On Aug 30, 10:51 am, DigitalDude <e.blumsten...@googlemail.com> wrote:
>
> > Hey,
> >
> > in my first "real" and own project, I want to implement the ability to
> > upload files to a user's account. The filetypes I need to be able to
> > upload are:
> >
> > - PDF
> > - JPG
> > - GIF
> > - PNG
> > - XLS
> > - DOC
> > - OpenOffice Documents
> > - ZIP
> > - RAR
> >
> > Before I start to implement a file-uploading action, I need to
> > consider what are the security risks of file uploads in general, and in
> > case of any of the listed filetypes above.
> >
> > What are the dangers of these filetypes, and how can I prevent myself
> > and my server from getting in danger?
> >
> > Regards,
> >
> > DD
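
The storage approach described in the quoted reply (a directory outside the document root, a unique stored name, a database pointer), as an added example in plain PHP; it is not code from this thread or from CakePHP. The function name `storeUpload`, the `UPLOAD_DIR` path, the size limit and the allowlist subset are assumptions.

```php
<?php
// Added example: hypothetical helper, not CakePHP code or code from the thread.

// Assumed storage directory, located outside the web server's document root.
const UPLOAD_DIR = '/var/app-data/uploads';

// Allowlist: extension => MIME types accepted for it (constructed sample subset).
const ALLOWED_TYPES = [
    'pdf' => ['application/pdf'],
    'jpg' => ['image/jpeg'],
    'gif' => ['image/gif'],
    'png' => ['image/png'],
    'zip' => ['application/zip'],
];

/**
 * Validate one entry of $_FILES and move it into UPLOAD_DIR under a random name.
 * Returns the row to store in the database; throws on any rejected upload.
 */
function storeUpload(array $file, int $maxBytes = 5242880): array
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or not an HTTP upload');
    }
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('File too large');
    }
    // The client-supplied name is used only for its extension and for display.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('File type not allowed');
    }
    // Detect the type from the file content, not from the browser's Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException('Content does not match extension');
    }
    // Random stored name with no extension: nothing user-controlled reaches the path.
    $storedName = bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $storedName)) {
        throw new RuntimeException('Could not store file');
    }
    return [
        'stored_name'   => $storedName,
        'original_name' => basename($file['name']),
        'mime_type'     => $mime,
        'size'          => $file['size'],
    ];
}
```

The download action looks up the returned row by its database id, checks the requesting user's permission, and streams the file from `UPLOAD_DIR` with the stored MIME type, so the stored name never appears in a URL.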