[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 168
  • Last Modified:

secured file uploading

Hi,
I have just made a scripts which allows my website members to upload thier images, avatars ...etc. This script isn't secure since anyone can upload anything via it. This script doesn't check wither the file upload is an image or not. Simply anyone can upload a SHELL file to hack my website.

Is there anyway to secure this script? Is it a good idea to keep files being upload on the same server of my website?

Best Regards,
Hakeem
0
Shopies
Asked:
Shopies
  • 2
1 Solution
 
Scott BennettManager TechnologyCommented:
What language are you using for your server side scripting? Every mainstreem language should have the capability or retricting which files can be uploaded based on the files MIME type. tell me what language you are using and I can give you an example.
0
 
ShopiesAuthor Commented:
I'm using PHP
Thanks for posting
0
 
Scott BennettManager TechnologyCommented:
Here is a link with an example of how to filter by mime type:
http://www.samspublishing.com/articles/article.asp?p=29587&seqNum=9&rl=1

if you look at the example on this page you will see that it is checking the mime type of the file like this:
 $file_array['type'] == "image/gif"

here is a list of file extentions and their mime types you can use to filter out the types of files you want to allow:

http://www.webmaster-toolkit.com/mime-types.shtml
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now