Re: [PHP] Secure uploads tutorial

2008-12-17 Thread tedd
At 1:55 PM +1100 12/17/08, Tim Starling wrote: There are some file types, such as .png and .wav, where that approach is not at all secure. The file command will tell you that the file is image/png, but IE 6 will detect it as text/html and run scripts in it. Oh, I see the problem (I think). I w

Re: [PHP] Secure uploads tutorial

2008-12-16 Thread Tim Starling
Peter Ford wrote: > tedd wrote: > >> I can't imagine evil code still working after someone resizes the file. >> >> > > Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :) > > I prefer to move files to an off-line store, run them through a unix 'file' > command (wit

Re: [PHP] Secure uploads tutorial

2008-12-16 Thread Tim Starling
tedd wrote: > At 11:45 PM +1100 12/16/08, Tim Starling wrote: >> I thought the list might be interested in a tutorial for secure >> web-based file uploads that I just wrote: >> >> http://tstarling.com/blog/2008/12/secure-web-uploads/ >> >> -- Tim Starling > > Tim: > > That's a good read -- thanks -

Re: [PHP] Secure uploads tutorial

2008-12-16 Thread Ashley Sheridan
On Tue, 2008-12-16 at 16:02 +, Peter Ford wrote: > tedd wrote: > > I can't imagine evil code still working after someone resizes the file. > > > > Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :) > > I prefer to move files to an off-line store, run them through a

Re: [PHP] Secure uploads tutorial

2008-12-16 Thread Peter Ford
tedd wrote: > I can't imagine evil code still working after someone resizes the file. > Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :) I prefer to move files to an off-line store, run them through a unix 'file' command (with a mime-type magic file) to get the mime-

Re: [PHP] Secure uploads tutorial

2008-12-16 Thread tedd
At 11:45 PM +1100 12/16/08, Tim Starling wrote: I thought the list might be interested in a tutorial for secure web-based file uploads that I just wrote: http://tstarling.com/blog/2008/12/secure-web-uploads/ -- Tim Starling Tim: That's a good read -- thanks -- but it's more of an article tha

[PHP] Secure uploads tutorial

2008-12-16 Thread Tim Starling
I thought the list might be interested in a tutorial for secure web-based file uploads that I just wrote: http://tstarling.com/blog/2008/12/secure-web-uploads/ -- Tim Starling