[web] Picture Uploads

This topic is 2660 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.


I read once about a security issue with letting people upload photos (jpeg, gif, png, etc). Aside from the problem of adult-rated content, and the suggestions at this link: http://www.mysql-apache-php.com/fileupload-security.htm , are there any code issues to be aware of? I believe the specific problem I read had to deal with displaying a .gif file that had been uploaded, and that somehow the contents of that file could be manipulated to secretly hold PHP code. Anyone know anything about this? Thanks.

If I remember correctly there were security issues with images for Internet Explorer versions <= 6 (don't know about the newer versions). It is because of how IE detects MIME types. When you don't send the correct type it will analyze the first 256 bytes of the image, and if it finds HTML tags there it interprets them. This causes security issues like Cross-Site Request Forgery attacks.

Check this article (in German); here is a Google Translation.

But this is only an issue if the picture is opened directly, like http://youurl.com/pictures/foobar.jpg

When it is displayed via the img tag there should be no problem.

And about the php code in an image: If your server only parses php files there should be no problem.

Your web server must send correct headers to the browser.
Your software dealing with uploads should never use the 'x' (exec) permission, and I think you should avoid SQL injection rather than incorrect uploads.
With PHP you should check whether the uploaded file is truly an image.
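
The checks mentioned in the replies above (confirm the upload really is an image, store it without execute permission, send a correct content type), as an added PHP example that is not part of the original thread. It assumes the fileinfo and GD extensions; `store_image` and `send_image` are hypothetical names, and the sample GIF with appended PHP is constructed here.

```php
<?php
// Added example. Assumes fileinfo + GD; function names are hypothetical.
const ALLOWED = [   // detected MIME type => [extension, decoder, encoder]
    'image/gif'  => ['gif', 'imagecreatefromgif',  'imagegif'],
    'image/png'  => ['png', 'imagecreatefrompng',  'imagepng'],
    'image/jpeg' => ['jpg', 'imagecreatefromjpeg', 'imagejpeg'],
];

function store_image(string $tmpPath, string $destDir): string
{
    // In a real handler $tmpPath is $_FILES[...]['tmp_name']; check is_uploaded_file() first.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath); // from content, not the client
    if (!array_key_exists($mime, ALLOWED) || @getimagesize($tmpPath) === false) {
        throw new RuntimeException('not an accepted image');
    }
    [$ext, $decode, $encode] = ALLOWED[$mime];
    $img = @$decode($tmpPath);
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }
    // Server-chosen name and extension: the client's filename is never used, so no ".php".
    $dest = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    $encode($img, $dest);   // re-encoding writes pixels only; bytes after the image are dropped
    chmod($dest, 0644);     // readable, never executable
    return $dest;
}

function send_image(string $path): void
{
    // Correct type plus nosniff, so the browser does not guess the type from the bytes.
    header('Content-Type: ' . (new finfo(FILEINFO_MIME_TYPE))->file($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Constructed sample: a valid 1x1 GIF with PHP appended after the image data.
$tmp = tempnam(sys_get_temp_dir(), 'up');
imagegif(imagecreatetruecolor(1, 1), $tmp);
file_put_contents($tmp, '<?php echo "injected"; ?>', FILE_APPEND);
$stored = store_image($tmp, sys_get_temp_dir());
var_dump(strpos(file_get_contents($tmp), '<?php') !== false);    // appended code in the raw upload?
var_dump(strpos(file_get_contents($stored), '<?php') !== false); // still there after re-encoding?
```

The sample passes the content-type check because it is a real GIF, which is why the stored copy is the re-encoded image rather than the uploaded bytes.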
