> Concerning infecting the server, if the files are chmodded without the
> executable bit, shouldn't that be considered *safer*?
>
> It may seem that mime_content_type() isn't an option.  I tried it on a
> Flash file, and it reported it as text/plain.

Well, again, everything is dependent on what you're planning on doing
with it.  As an example, there are many, many, many web hosts out there
that allow uploads of files through a form into a web directory.  These
forms can include CGI scripts.  If a hacker uploads a malicious script
and you don't have the proper permissions set (i.e. you're running
Apache as root), your system can be r00ted.

Running PHP in safe mode does /a lot/ to help.  Making sure any
directories you need to make writable (i.e. file storage directories)
have .htaccess files or (preferably) have it set in the main Apache
config that they are off limits to web browsers also helps.

There are Linux virus protection programs available which can be run as
a cron job to check files for Windows viruses, btw.  I checked the
price on one and it was like $700 for a server license.  :(

-Dan
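
The following is an added example, not part of the original message or of any poster's code: an upload handler that combines the points raised in this thread (type detection that does not rely on mime_content_type(), storage in a directory browsers cannot reach, no executable bit). The path `/var/app-data/uploads`, the function names and the allow-list are assumptions, and it assumes PHP 7.1 or later.

```php
<?php
// Added example: names, paths and the allow-list are assumptions.
// Storage directory outside the web root (hypothetical path).
const UPLOAD_DIR = '/var/app-data/uploads';

// Leading "magic" bytes for the types this form accepts.
const ALLOWED_SIGNATURES = [
    'swf' => ["FWS", "CWS", "ZWS"],   // Flash: uncompressed, zlib, LZMA
    'png' => ["\x89PNG\r\n\x1a\n"],
    'gif' => ["GIF87a", "GIF89a"],
];

/** Return the extension whose signature matches the file header, or null. */
function sniff_type(string $path): ?string
{
    // A read failure yields an empty string, which matches no signature.
    $head = (string) file_get_contents($path, false, null, 0, 8);
    foreach (ALLOWED_SIGNATURES as $ext => $signatures) {
        foreach ($signatures as $sig) {
            if (strncmp($head, $sig, strlen($sig)) === 0) {
                return $ext;
            }
        }
    }
    return null;
}

/** Store one entry of $_FILES; returns the stored path or throws. */
function store_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }
    $ext = sniff_type($file['tmp_name']);
    if ($ext === null) {
        throw new RuntimeException('file type not on the allow-list');
    }
    // Server-chosen name: the client's filename and extension are never used.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload into storage');
    }
    chmod($dest, 0640); // no executable bit, as raised in the quoted question
    return $dest;
}
```

A matching signature only identifies the container format and says nothing about whether the content is benign; keeping the storage directory unreachable from the web server is what stops an uploaded script from being requested and run.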


-- 
PHP General Mailing List (http://www.php.net/)