Do a daily cleanup of uploaded files

Regards
Russ Michaels
www.michaels.me.uk
www.cfmldeveloper.com - Free CFML hosting for developers
www.cfsearch.com - CF search engine

On Dec 20, 2012 1:55 AM, "Pete Freitag" <[email protected]> wrote:
>
> From a security perspective you don't want to skip the file extension
> test(s) - that is critical. Also make sure you upload to a directory
> outside of the webroot, then perform your validation. Only move it under
> the webroot if you are sure it is a valid image and has an approved file
> extension. Finally use your web server and/or CF sandbox security to
> prevent execution on the image upload folder.
>
> I also wrote a blog entry a while ago with some tips for secure file uploads:
> http://www.petefreitag.com/item/701.cfm
>
> --
> Pete Freitag - Adobe Community Professional
> http://foundeo.com/ - ColdFusion Consulting & Products
> http://hackmycf.com - Is your ColdFusion Server Secure?
> http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes
>
> On Tue, Dec 18, 2012 at 10:35 PM, Dan Baughman <[email protected]> wrote:
>
> > skip all the nonsense and just try to resize the image.
> >
> > If that fails it's either a color palette Java can't handle or it
> > isn't an image.
> >
> > - Dan
> >
> > On Tue, Dec 18, 2012 at 8:12 PM, Terry Troxel <[email protected]> wrote:
> >
> > > I am looking for a safe and secure way to put an example page on my site
> > > that will allow a potential client to upload a JPG in order to see an
> > > example of a responsive photo gallery he can create using my new responsive
> > > web template I am in the process of building.
> > > Here is what I am considering in the upload process:
> > > 1...JPG extension only
> > > 2...file size limit
> > > 3...remove exif data if it exists
> > > 4...Convert file to PNG and save after doing the resizing, etc. that I need to.
> > >
> > > I would like some opinions, suggestions, etc. to tell me if I am missing
> > > something or there are any other avenues I can pursue to accomplish my goal
> > > to stop anyone from using this to hack my site.
> > >
> > > Terry

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353554
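Putting Pete's recommendations together with Terry's four steps and Russ's cleanup point, here is an added CFML (cfscript) example of my own; it is not code from the thread or from Pete's blog post. It assumes a form field named `photo`, a quarantine directory outside the webroot (`/var/uploads/quarantine/`) and a `/gallery/` directory under the webroot; `encodeForHTML()` needs CF10 or later (use `htmlEditFormat()` on CF9).

```cfml
// Added example: validate an uploaded JPG outside the webroot, then re-encode it to PNG.
// Assumed paths and field name; adjust to your server layout.
quarantineDir = "/var/uploads/quarantine/";   // outside the webroot, no script execution
galleryDir    = expandPath("/gallery/");       // under the webroot; web server must not execute here
maxBytes      = 2 * 1024 * 1024;               // step 2: file size limit (2 MB)
maxWidth      = 1200;
maxHeight     = 1200;

// Step 0: the upload always lands in quarantine first (Pete's point), never in the webroot.
// Use the server-side file name returned by CF, never the browser-supplied client name.
upload   = fileUpload(quarantineDir, "form.photo", "", "makeunique");
tempPath = quarantineDir & upload.serverFile;

try {
    // Step 1: JPG extension only. The extension check is a real control, not a formality:
    // nothing but .jpg/.jpeg may ever reach the gallery directory, whatever the content check says.
    if ( !listFindNoCase("jpg,jpeg", upload.serverFileExt) ) {
        throw(type="InvalidUpload", message="Only .jpg files are accepted.");
    }
    // Step 2: size limit, measured on the stored file rather than trusting the request headers.
    if ( getFileInfo(tempPath).size > maxBytes ) {
        throw(type="InvalidUpload", message="File exceeds the size limit.");
    }
    // Content check: the extension says nothing about the bytes. isImageFile() asks the
    // image decoder whether the file is actually a readable image.
    if ( !isImageFile(tempPath) ) {
        throw(type="InvalidUpload", message="File is not a valid image.");
    }
    // Steps 3 and 4: decode, resize, and write a fresh PNG. The new file holds only pixels;
    // the original byte stream, EXIF block included, is never copied under the webroot.
    img = imageRead(tempPath);
    if ( imageGetWidth(img) > maxWidth || imageGetHeight(img) > maxHeight ) {
        imageScaleToFit(img, maxWidth, maxHeight, "highestQuality");
    }
    // New random server-side name: the client never chooses the file name under the webroot.
    finalName = createUUID() & ".png";
    imageWrite(img, galleryDir & finalName);
    writeOutput("Stored as " & encodeForHTML(finalName));
}
catch (any e) {
    writeOutput("Upload rejected: " & encodeForHTML(e.message));
}
finally {
    // Russ's point: quarantine gets cleaned up. Delete right away; a daily cleanup job should
    // still sweep the directory for anything left behind by a request that died mid-way.
    if ( fileExists(tempPath) ) { fileDelete(tempPath); }
}
```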

