Validation file input and text input

#12
boltsabre
Quote: @boltsabre, thanks for the warning! I thought that the CodeIgniter upload library handled all the security issues.

To be honest, I'm not sure, I've never used the CI image uploader library, or looked at the code, or looked at the documentation.

Still, I think it would be prudent to gain/research the knowledge about file upload vulnerabilities and check them against what/how CI handles them. I'm sure the library handles some of it, but I doubt it handles it all!

For example, you should rename file names; that way, if someone does somehow manage to get a bit of bad code (aka file) into your system, they cannot just call/execute it by typing its name into the URL bar (aka www.mydomain/images/my_bad_file_lets_hack_this_site.php.jpg), because you've changed it to something random like www.mydomain/images/fdal45kss4sle843s.php.jpg - the hacker won't have any idea of what the file name is anymore.
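
The renaming advice in the post above, as an added example that is not part of the thread and is not CodeIgniter's own code: a hypothetical helper, `stored_name_for()`, ignores the client-supplied file name entirely, takes the extension from an allow-list keyed on the detected content type, and generates the rest of the name at random. The sample inputs are constructed.

```php
<?php
// Added example: hypothetical helper, not part of CodeIgniter's upload library.

// Allow-list: detected MIME type => the only extension we will ever store.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Return a random storage name for the uploaded bytes, or null if rejected.
 * The client-supplied name is never used, so a double extension such as
 * ".php.jpg" cannot survive into the stored name.
 */
function stored_name_for(string $bytes): ?string
{
    // Detect the type from the content itself (requires the fileinfo extension).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return null; // content is not one of the allowed image types
    }
    // 16 bytes from the CSPRNG => 32 hex characters, not guessable from the URL.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed samples: client file name => file content.
$samples = [
    // PNG signature plus the start of an IHDR chunk (1x1 pixels).
    'holiday.png' => "\x89PNG\r\n\x1a\n\0\0\0\rIHDR" . pack('NN', 1, 1) . "\x08\x06\0\0\0",
    // Script content hiding behind an image extension.
    'my_bad_file_lets_hack_this_site.php.jpg' => "<?php echo 'not an image'; ?>",
];

foreach ($samples as $clientName => $bytes) {
    $stored = stored_name_for($bytes);
    printf("%-42s => %s\n", $clientName, $stored ?? 'REJECTED');
}
```

In an upload handler the bytes would be read from the file at `$_FILES[...]['tmp_name']`, and the returned name would be the target passed to `move_uploaded_file()`.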

