Is php fileinfo sufficient to prevent upload of malicious files?

Posted by Scarface on Stack Overflow See other posts from Stack Overflow or by Scarface
Published on 2010-04-01T15:25:43Z Indexed on 2010/04/01 15:33 UTC
Read the original article Hit count: 287

Filed under:
|

Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

© Stack Overflow or respective owner

Related posts about php

Related posts about security