PHP File Upload Security Ideas


Some tips for making file uploads with PHP safer.
When you allow users to upload files to your website, you are putting yourself at a security risk.

  • Check the referrer: Check to make sure that the information being sent to your script is from your website and not an outside source. While this information can be faked, it’s still a good idea to check.
  • Restrict file types: You can check the MIME type and file extension and only allow certain types to be uploaded.
  • Rename files: You can rename the files that are uploaded. In doing so, check for double-barrelled extensions like yourfile.php.gif and eliminate extensions you don’t allow, or remove the file completely.
  • Change permissions: Change the permissions on the upload folder so that files within it are not executable.
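
The file-type, rename and permission tips above combined in one handler, as an added example that is not code from the original post. The allow-list, the `upload` form field name and the `/var/www/uploads` path are assumptions.

```php
<?php
// Added example. Allow-list, field name and directory are assumptions.
const ALLOWED = [                       // extension => expected MIME type
    'gif' => 'image/gif', 'png' => 'image/png',
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
];
const UPLOAD_DIR = '/var/www/uploads';  // hypothetical path

// Return the one allowed extension of a client-supplied name, or null.
// Every dot-separated part after the base name must be on the allow-list,
// so "yourfile.php.gif" is rejected outright because of "php".
function safe_extension(string $clientName): ?string
{
    $parts = explode('.', strtolower(basename($clientName)));
    array_shift($parts);                // drop the base name
    if ($parts === []) {
        return null;                    // no extension at all
    }
    foreach ($parts as $ext) {
        if (!array_key_exists($ext, ALLOWED)) {
            return null;
        }
    }
    return end($parts);
}

// Validate one $_FILES entry and store it; returns the new path or null.
function store_upload(array $file): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = safe_extension($file['name']);
    // Detect the type from the content, not from the client-sent header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($ext === null || $mime !== ALLOWED[$ext]) {
        return null;
    }
    // Rename: random stored name carrying only the checked extension.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);                 // read/write only, no execute bit
    return $dest;
}

if (isset($_FILES['upload'])) {
    http_response_code(store_upload($_FILES['upload']) === null ? 400 : 201);
}
```

A web server picks its script handler by extension or configuration rather than by the execute bit, so the allow-list and rename steps are what keep `.php` names out of the upload folder.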