I have made an upload script, and at the moment I have checked against all the potential dangers that I can think of... for the moment.
I am currently:
- checking for errors ($_FILES['variable']['error'])
- checking the size of the file (can anyone recommend a suitable max file size? I thought 200k would suffice)
- checking the MIME type
- checking the extension
- checking the file doesn't already exist
If all those are okay, then I move the file via move_uploaded_file. My main aim is to stop people uploading potentially dangerous scripts (to the server, site, and users), such as PHP, CGI, Perl, EXE etc. Does anyone else have any suggestions for how I can tighten the security even more, to make absolutely sure no potentially dangerous scripts are uploaded?
Thanks.
Secure upload
- shiznatix
- DevNet Master
- Posts: 2745
- Joined: Tue Dec 28, 2004 5:57 pm
- Location: Tallinn, Estonia
Well, it all depends on what you're having the user upload. If it's only an image, for something like an avatar, then 200K is plenty. And if you want to be secure about it, do getimagesize (I think that's the function): if it returns true then it really is an image; if not, then the user is trying to pull a fast one on you and you can slap them down with an error. But that's only images; for the rest there really isn't a way to verify what kind of file it truly is.
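As an added example (not code from either poster), here is how the checks listed in the first post and the getimagesize() suggestion above fit together in one PHP upload handler. The upload directory path, the 200K limit and the extension allow list are assumptions for illustration; the MIME check sniffs the file on disk with finfo rather than trusting the browser-supplied `$_FILES[...]['type']`, and the stored name is generated server-side so the client's filename never reaches the filesystem.

```php
<?php
// Added example, not the original poster's script. Constants below are assumptions.

const MAX_UPLOAD_BYTES = 200 * 1024;            // the 200K suggested in the thread
const UPLOAD_DIR = '/var/www/uploads_private';  // assumed: a directory outside the web root

// Extensions we are willing to store, each mapped to the MIME types we accept for it.
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'txt'  => ['text/plain'],
    'css'  => ['text/css', 'text/plain'],
];

// Runs the checks from the thread against one entry of $_FILES and returns the
// extension the file will be stored under. Throws on any failure.
function validate_upload(array $file): string
{
    // 1. PHP's own error code must be UPLOAD_ERR_OK.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error code ' . ($file['error'] ?? 'n/a'));
    }
    // 2. Size, using the byte count PHP recorded for the temp file.
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file too large');
    }
    // 3. Extension: the last dot-suffix of the client name, lower-cased, checked
    //    against the allow list. "shell.php.jpg" yields "jpg" here, which is why
    //    the file is renamed below instead of keeping the client name.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension '$ext' not allowed");
    }
    // 4. MIME type: $file['type'] is sent by the browser and can be forged, so
    //    sniff the bytes on disk instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException("content type '$mime' does not match .$ext");
    }
    // 5. For images, the getimagesize() check from the reply above: it returns
    //    false unless the file actually parses as an image.
    if (strpos($mime, 'image/') === 0 && @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    return $ext;
}

// Validates and then moves the file under a server-generated name.
function store_upload(array $file): string
{
    $ext = validate_upload($file);
    // Generate our own name: no client-supplied path, no second extension, and
    // the loop covers the "file already exists" check from the first post.
    do {
        $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    } while (file_exists($dest));

    // move_uploaded_file() refuses anything that was not uploaded in this request.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file');
    }
    chmod($dest, 0640); // readable by the web server user, never executable
    return $dest;
}

// Usage from the form handler (field name "userfile" is an assumption):
// $path = store_upload($_FILES['userfile']);
```

The finfo sniff and getimagesize() together catch a PHP file renamed to `.jpg`, but neither will stop a file that is a real GIF with PHP appended after the image data; that is why the stored name is generated here and why the directory is assumed to sit outside the web root, so the server never hands it to the PHP interpreter in the first place.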
- cheatboy00
- Forum Contributor
- Posts: 151
- Joined: Sat Jun 29, 2002 10:36 am
- Location: canada
I'm not as worried about files that can harm users' computers, since it is their own risk whether or not they accept/run them (although they shouldn't be allowed to be uploaded in the first place). What I really want to stop is scripts that are potentially dangerous to the server, which can expose it and the code which is on it (each user will have their own account in which they can upload not just image files, but js, htm, html, doc, css etc.).
My main priority and philosophy is 'prevention is better than cure'. I would preferably like to stop altogether these kinds of scripts being allowed onto the server, full stop.
Thanks.
What you could do is, when the file is uploaded, open up the permissions on the folder to allow writing to it but no execution. When the move has taken place, reset the permissions on the file and folder to read only, or just the folder to read only.
When a file is requested for download, reopen the permissions on the folder (but not the files) to allow the download, then reset the permissions again.