Author Topic: Allow visitors to upload images, is it secure? (Read 4064 times)

Oras · « **on:** April 10, 2006, 11:43:18 PM »

Hello,
I want to allow uploading pictures for visitors ... but I have a question, is it secure? i.e. what if a visitor uploaded a PHP file as .jpg? will the script recognize it? I searched the forum but didn't find answer.
Thank you for help

V@no · « **Reply #1 on:** April 11, 2006, 01:14:21 AM »

yes, 4images not only checks the extensions, but also the format of the common image files.
also, even if one somehow uploaded a renamed php file, there is no harm could do such file, because the server will not recognize it as php and will not execute it, unless the hacker got access to the server somehow...

waleed · « **Reply #2 on:** April 12, 2006, 01:45:06 PM »

they hacked my gallery by uploading media files
they can upload .php as 3gp
dont ask me how ask them

you better disable this option

V@no · « **Reply #3 on:** April 12, 2006, 02:43:13 PM »

Quote from: waleed on April 12, 2006, 01:45:06 PM

they hacked my gallery by uploading media files
they can upload .php as 3gp
dont ask me how ask them

and they did it while you had all the bug fixes applyed? if so, then perhaps your letting them do it again to others by not reporting this to us!

Oras · « **Reply #4 on:** April 12, 2006, 07:46:56 PM »

Thank you very much V@no for your reply

4images Forum & Community

News:

Author Topic: Allow visitors to upload images, is it secure? (Read 4064 times)

Oras

Allow visitors to upload images, is it secure?

V@no

Re: Allow visitors to upload images, is it secure?

waleed

Re: Allow visitors to upload images, is it secure?

V@no

Re: Allow visitors to upload images, is it secure?

Oras

Re: Allow visitors to upload images, is it secure?