When you allow users to upload files to your website, you are putting yourself at a security risk. While nobody is ever completely safe, here are some precautions you can incorporate to make your site safer.
1.Check the referrer: Check to make sure that the information being sent to your script is from your website and not an outside source. While this information can be faked, it's still a good idea to check.
2.Restrict file types: You can check the mime-type and file extension and only allow certain types to be uploaded.
3.Rename files: You can rename the files that are uploaded. In doing so, check for double-barreld extensions like yourfile.php.gif and eliminate extensions you don't allow, or remove the file completely.
4.Change permissions: Change the permissions on the upload folder so that files within it are not executable. Your FTP program probably allows you to chmod right from it.
5.Login and Moderate: Making your users login might deter some deviant behavior. You can also take the time to moderate all file uploads before allowing them to become live on the web.
No comments:
Post a Comment