My question will probably expose my woeful lack understanding of security 
breaches, but perhaps someone can enlighten me.

On my site, registered members will be allowed to upload jpg/jpeg 
pictures. I'm concerned about possible security problems. First, is there a 
way to ensure that a picture (and not some other malicious stuff) has been 

Aside from checking the mime type info associated with the file, is there any 
way of verifying what's in the file that has been uploaded? (I'm using Linux 
LM8.2) Would it be possible to fake info to fool this check? Would 
verification checks for html/scripts/commands be of any use?

Secondly, since the file in question is already uploaded and saved to disk in 
/tmp or wherever, wouldn't any verification scheme be sort of, 

I would appreciate any input, suggestions, or ideas on what to do here. Am I 
being overly-paranoid about this, or do I have  legitimate security concern.

Using: Apache 1.3.23 + PHP 4.1.2 + PostgreSQL 7.2


Please pray the Holy Rosary to end the holocaust of abortion.
Remember in your prayers the Holy Souls in Purgatory.

May God bless you abundantly in His love!
For a free Cenacle Scriptural Rosary Booklet:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to