Validation file input and text input
#12

boltsabre
Quote: @boltsabre, thanks for the warning! I thought that the CodeIgniter upload library handled all the security issues.

To be honest, I'm not sure, I've never used the CI image uploader library, or looked at the code, or looked at the documentation.

Still, I think it would be prudent to gain/research the knowledge about file upload vulnerabilities and check them against what/how CI handles them. I'm sure the library handles some of it, but I doubt it handles it all!

For example, you should rename file names; that way, if someone does somehow manage to get a bit of bad code (aka file) into your system, they cannot just call/execute it by typing its name into the URL bar (aka www.mydomain/images/my_bad_file_lets_hack_this_site.php.jpg), because you've changed it to something random like www.mydomain/images/fdal45kss4sle843s.php.jpg - the hacker won't have any idea of what the file name is anymore ;)
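
The renaming described in the post above, as an added example that is not part of the original post and is not CodeIgniter's own code. It goes one step further than a random name: the stored extension is taken from the detected file content, so nothing of the original name is kept. The function name `store_uploaded_image`, the allow-list and the upload directory are assumptions; it needs PHP 7+ with the fileinfo extension.

```php
<?php
/**
 * Store one entry of $_FILES under a random name and return that name.
 * Hypothetical helper; $uploadDir is assumed to exist and be writable.
 */
function store_uploaded_image(array $file, string $uploadDir): string
{
    // Allow-list: MIME type detected from the content => extension we assign.
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];

    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    // Only accept a file PHP itself received through an HTTP POST upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }

    // Detect the type from the bytes; ignore the client-supplied name and
    // $file['type'], both of which the sender controls.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }

    // 128 bits from the CSPRNG: the name cannot be guessed, and no part of
    // the original name (such as ".php") survives in the stored name.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store the upload.');
    }
    return $name; // Save this in the database to find the file later.
}
```

A call such as `store_uploaded_image($_FILES['userfile'], '/path/to/uploads')` returns the stored name; the field name and path here are placeholders.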

