Security flaw in this code approach

Posted by Alec Smart on Stack Overflow See other posts from Stack Overflow or by Alec Smart
Published on 2010-03-18T10:18:00Z Indexed on 2010/03/18 10:21 UTC
Read the original article Hit count: 489

Filed under:
|
|

Hello,

Am wondering if there would be any security flaw in this approach. I am writing a piece of code which allows users to upload files and another set to download those files. These files can be anything.

  1. User uploads the file (any file including .php files), it is renamed to an md5 hash (extension removed) and stored on server. A corresponding mySQL entry is made.
  2. The user trying to download the file, uses say download.php to download the file where the md5 file is sent (with the original name).

Is there someway in which anyone can exploit the above scenario?

© Stack Overflow or respective owner

Related posts about security

Related posts about php