Tagged Questions
-2
votes
6answers
636 views
Use PHP to check uploaded image file for malware?
I want my users to be able to upload a photo. Currently I am not checking the uploaded photo for problems of any kind, although I do limit the size to 32k.
Is there any way for me to check uploaded ...
13
votes
4answers
417 views
What are the security threats of zip file uploads and what preventive actions should be taken?
We have a Drupal application developed for sharing files.
We are allowing zip files to be uploaded by logged in departmental user.
We are using Drupal private file system (outside webroot).
We are ...
2
votes
3answers
132 views
is it safe to allow external images to be attached to Blog or any Web content?
I am filtering all images that attached to any content of my blog:
Check for file extension.
Check content type using $finfo = finfo_open(FILEINFO_MIME_TYPE);
I also save the image temporary on my ...
2
votes
1answer
86 views
Is it safe to invoke PHP GD functions if you don't know whether file is a valid image?
There is image upload function in web application. After image is uploaded, it's resized using functions from PHP GD like imagecopyresampled and others. Before invocation of PHP GD's functions there ...
5
votes
6answers
692 views
How to defend vs. Image Remote File Inclusion, e.g. RFI using a .gif file (Apache/PHP)?
To defend versus Remote File Inclusion where attackers try to abuse image files, I usually recommend to never use include to include image files into PHP code.
Sometimes though, the avoidance of ...
9
votes
3answers
514 views
What steps should be taken to validate user uploaded images within an application?
Recently I have worked on a number of applications that need to process user uploaded images steps have been taken to validate the extension and the mime type.
But what else can be done to ensure ...
