Find the answer to your Linux question:
Results 1 to 2 of 2
If i use a file upload in a form and then process that file using php am i opening myself up to all sorts of problems. I currently check for ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    How vulnerable is php upload.


    If i use a file upload in a form and then process that file using php am i opening myself up to all sorts of problems.

    I currently check for file types and extensions to ensure they are what I want them to upload. Then run the is_uploaded_file() function test.

    But am i still leaving myself open to exploits? Should I try and protect my data against more important / other vulnerabilities with this feature?

    All comments appreciated.
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

  2. #2
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    I don't see any problems with doing that. It will only have access as whatever uid apache runs as. Plus there is a php_safe option you can set in php.ini which enables extra security features.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •