simonmarshall wrote in php

Hey all. Just looking for a little advice.

I'm writing an upload script for a website. The actual code side I'm fine with pretty much, but because of the nature of the site I need any unregistered passer-by to be able to upload files. Obviously this means I need to be fairly prudent in my checks to ensure not just anything goes up there.

What sort of things should I be checking? I can restrict the file types to zip files, jpgs, pngs or gifs without causing functionality type problems for the users, which is a nice start. File sizes I can restrict too, and I suppose I should check for double extensions. Anything else?

Also what's good practice with regard to processing the files once I've decided to accept them? Do I put them in a temporary area until someone has been able to look at them before moving them into the main storage bin?

The files will be validated by an admin before being made available for public consumption, so it's more a worry about things people could do to the site rather than what they'll do to the user's machines.

Any advice? Cheers folks, Si
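
The checks named in the post (type allowlist, size cap, double-extension rejection, a holding area pending admin review), as an added example that is not part of the original post. The quarantine path, size limit and form field name are assumptions, and the content sniffing with `finfo` (needs the fileinfo extension) and the random stored name go beyond what the post lists.

```php
<?php
// Added example. MAX_BYTES, QUARANTINE and the 'upload' field name are assumptions.
const MAX_BYTES  = 5 * 1024 * 1024;            // assumed size cap (5 MiB)
const QUARANTINE = '/var/uploads/quarantine';  // assumed path, outside the web root
const ALLOWED    = [                           // extension => MIME type the content must match
    'zip' => 'application/zip',
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

/**
 * Validate one entry of $_FILES and move it into the holding area.
 * Returns the stored path; throws RuntimeException when the file is rejected.
 */
function quarantine_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    // Measure the file on disk; $file['size'] and $file['type'] come from the client.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('empty or over the size limit');
    }
    // Exactly one dot rejects double extensions such as "shell.php.jpg".
    $name = basename($file['name']);
    if (substr_count($name, '.') !== 1) {
        throw new RuntimeException('file name must have exactly one extension');
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // The content must match the extension: sniff the bytes, ignore the client's claim.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Random server-chosen name: the client's name never reaches the filesystem.
    $dest = QUARANTINE . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // never executable
    return $dest;       // e.g. $path = quarantine_upload($_FILES['upload']);
}
```

Files stay in the quarantine directory until an admin approves them; only then are they copied to the public storage area, which should not be configured to execute scripts.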