My question will probably expose my woeful lack understanding of security breaches, but perhaps someone can enlighten me.
On my site, registered members will be allowed to upload jpg/jpeg pictures. I'm concerned about possible security problems. First, is there a way to ensure that a picture (and not some other malicious stuff) has been uploaded? Aside from checking the mime type info associated with the file, is there any way of verifying what's in the file that has been uploaded? (I'm using Linux LM8.2) Would it be possible to fake info to fool this check? Would verification checks for html/scripts/commands be of any use? Secondly, since the file in question is already uploaded and saved to disk in /tmp or wherever, wouldn't any verification scheme be sort of, 'after-the-fact'? I would appreciate any input, suggestions, or ideas on what to do here. Am I being overly-paranoid about this, or do I have legitimate security concern. Using: Apache 1.3.23 + PHP 4.1.2 + PostgreSQL 7.2 Tia, Andre -- Please pray the Holy Rosary to end the holocaust of abortion. Remember in your prayers the Holy Souls in Purgatory. May God bless you abundantly in His love! For a free Cenacle Scriptural Rosary Booklet: http://www.webhart.net/csrb/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
