At 1:55 PM +1100 12/17/08, Tim Starling wrote:
There are some file types, such as .png and .wav, where that approach is
not at all secure. The file command will tell you that the file is
image/png, but IE 6 will detect it as text/html and run scripts in it.
Oh, I see the problem (I think).
I
At 11:45 PM +1100 12/16/08, Tim Starling wrote:
I thought the list might be interested in a tutorial for secure
web-based file uploads that I just wrote:
http://tstarling.com/blog/2008/12/secure-web-uploads/
-- Tim Starling
Tim:
That's a good read -- thanks -- but it's more of an article
tedd wrote:
I can't imagine evil code still working after someone resizes the file.
Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :)
I prefer to move files to an off-line store, run them through a unix 'file'
command (with a mime-type magic file) to get the
I thought the list might be interested in a tutorial for secure
web-based file uploads that I just wrote:
http://tstarling.com/blog/2008/12/secure-web-uploads/
-- Tim Starling
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Tue, 2008-12-16 at 16:02 +, Peter Ford wrote:
tedd wrote:
I can't imagine evil code still working after someone resizes the file.
Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :)
I prefer to move files to an off-line store, run them through a unix
tedd wrote:
At 11:45 PM +1100 12/16/08, Tim Starling wrote:
I thought the list might be interested in a tutorial for secure
web-based file uploads that I just wrote:
http://tstarling.com/blog/2008/12/secure-web-uploads/
-- Tim Starling
Tim:
That's a good read -- thanks -- but it's more
Peter Ford wrote:
tedd wrote:
I can't imagine evil code still working after someone resizes the file.
Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :)
I prefer to move files to an off-line store, run them through a unix 'file'
command (with a