CodeIgniter Forums

Full Version: How To increase Security When Upload File ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello All , i have question about how to increase upload file script in codeigniter framework ? please give opinion , thanks
It's not clear exactly what your concern is, but here are some thoughts. I hope they are relevant.

The upload library does a good job doing all the right things associated with image uploading. But setting upload config options appropriately is very important - in particular the "allowed_types". Never change $config['detect_mime'] from its default of TRUE.

Setting $config['encrypt_name '] = TRUE is recommended. This can lead to more work because no two files will have the same name even if it is a re-upload of a file. You can find yourself with a large number of "orphan" files in your directory if your housekeeping isn't in order.

I have read recommendations on putting the upload directory outside the webroot. You might want to find the most restrictive permission setting possible for that directory.

There may be ways to harden your server through the use of .htaccess etc. That topic is out of my wheelhouse.

Setting the upload library to use xss_clean is something to consider. I don't think the File Upload Class documentation mentions this ability. $this->upload->set_xss_clean(TRUE) will cause the class to pass image files through the cleaner which is designed to remove embedded malicious code. Take a look at the comments associated with do_xss_clean() (found in the system/libraries/Upload.php) for insite. As I understand it, the current thinking is that xss protection measures should be taken on output not on on input. So you might wish to do some more research on using this feature.