Apart from SQL injection, what are the risks to consider when querying a database?
What are risks when uploading files other than limiting some extensions (like exe's)?

What are risks when uploading files other than limiting some extensions (like exe's)?

That also depends on how you're checking your extension. E.g. say you're getting the extension from the filename via $_FILES using PHP's string functions, the value of $_FILES can be faked. For images you can use PHP's image functions to check the file type.

Alternatively, you should use the fileinfo PECL extension.

You also have risks with people inserting malicious code into images, uploading them, then executing the file on your server - you could use the above mentioned PECL extension or http://en.wikipedia.org/wiki/Magic_number_(programming)#Magic_numbers_in_files

You should also consider where the actual file is being uploaded on the server (you should disable script execution on the upload directory), the maximum file size, whether your user could find this location and whether the file is directly accessible once uploaded.

There is also a risk of a denial of service attack if the user uploads many large files - you should place a limit on the number of files a user is able to upload in a given time period.

Sure there are loads more, can't think of any more off the top of my head :)

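The checks described in the answer above, pulled together into one server-side routine. This is an added example, not code from the original thread; the allowed types, the size limit, the form field name and the upload path are assumptions, and it relies on the upload directory sitting outside the web root or having script execution disabled as the answer recommends.

```php
<?php
// Added example; $uploadDir is assumed to be outside the web root.
const MAX_BYTES = 2 * 1024 * 1024; // size limit per file

// Content-detected MIME type => extension we assign ourselves (never the user's).
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

// Magic numbers at the start of the file, checked in addition to fileinfo.
const MAGIC = ['image/jpeg' => "\xFF\xD8\xFF", 'image/png' => "\x89PNG\r\n\x1A\n"];

function validateUpload(array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed: error ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // 1. Detect the type from file contents via fileinfo; $file['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("Rejected type: $mime");
    }

    // 2. Confirm the magic number agrees with the detected type.
    $head = file_get_contents($file['tmp_name'], false, null, 0, 16);
    if (strncmp($head, MAGIC[$mime], strlen(MAGIC[$mime])) !== 0) {
        throw new RuntimeException('Magic number mismatch');
    }

    // 3. Make sure PHP's image functions can actually parse it.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a parseable image');
    }

    // 4. Store under a random name with our own extension, so the user can
    //    neither guess the location nor pick an extension the server executes.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    return $dest;
}

// Usage (form field name "upload" is an assumption):
// $stored = validateUpload($_FILES['upload'], '/var/app/uploads');
```

The per-user rate limit the answer mentions is not shown here; it belongs in the request handler, keyed on the authenticated user, before this routine is called.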
using htmlentities() inside a mysql_real_escape_string() may help too. As mentioned, limiting files by extension isn't foolproof. JS libraries cannot be used to filter data reliably either. There HAS to be a server-side test.
