code in images

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
pixienick
Forum Newbie
Posts: 12
Joined: Sun May 28, 2006 6:58 pm

code in images

Post by pixienick »

I am using imagecreate, imagejpeg to load and display images. The images are uploaded by users and stored in a directory not visible form outside. I turned off scripts in this folder using htaccess. If the images were to have code embedded in them could it be executed? Are there any other checks you can do on an image to make sure it dosent have code in it or at least cannot be executed?
This is a scary concept!
Thanks
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

chmod the files after upload to 0444.
pixienick
Forum Newbie
Posts: 12
Joined: Sun May 28, 2006 6:58 pm

Post by pixienick »

nice one, i 'll do that, cheers.
Bigun
Forum Contributor
Posts: 237
Joined: Tue Jun 13, 2006 10:50 am

Post by Bigun »

*bookmarked*
Post Reply