SECURITY ISSUE

[Sleidia]

Good Morning,

Does anyone know what are the security issues
when allowing users to upload image files
on the server?

We have a Unix server, and I plan to allow
uploads of *.jpg, *.gif, *.png files of a certain
size only.
I don't see how someone could harm the server with
those restrictions. According to me (I know nothing
about that..but...) a virus uploaded as a jpg file can't
act like a worm on the server ,right?

In case I am totally wrong, thanks for telling me.

Have a good day, and thanks a lot for the one who
will respond.

 

[Murley]

Your safe, UNix system generally are. The only thing you may want to worry about is someone uploading LOTS of images and filling your hard drive.

 

[Sleidia]

Dear Murley,


Thanks a lot for your advice on this subject.
Concerning the number of files allowed to upload,
I have planned to set up limitations with PHP/mySql.

If you say virus or trojan won't harm the Unix system
I believe you.

Have a good day.

 

[Murley]

Yes, PHP uploads the files in the /tmp dir and gives them a unique filename. As that point they are read write by the webserver, but are not executable so your safe. Fortunatly, UNIX systems have feew virii and trojans out. Your safe Regards,

Chris Murley
Systems Administrator\Programmer