[PHP] Secure uploads tutorial

2008-12-16 Thread Tim Starling
I thought the list might be interested in a tutorial for secure web-based file uploads that I just wrote:

http://tstarling.com/blog/2008/12/secure-web-uploads/

-- Tim Starling

-- PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Secure uploads tutorial

2008-12-16 Thread Tim Starling
tedd wrote:

At 11:45 PM +1100 12/16/08, Tim Starling wrote:

I thought the list might be interested in a tutorial for secure web-based file uploads that I just wrote:

http://tstarling.com/blog/2008/12/secure-web-uploads/

-- Tim Starling

Tim: That's a good read -- thanks -- but it's more

Re: [PHP] Secure uploads tutorial

2008-12-16 Thread Tim Starling
, where that approach is not at all secure. The file command will tell you that the file is image/png, but IE 6 will detect it as text/html and run scripts in it.

The ClamAV step is almost pointless. It does nothing to deter an attacker who is targeting your site specifically.

-- Tim Starling