Dana ponedjeljak, 2. travnja 2012. 13:09:58 UTC+2, korisnik LITTO CHACKO napisao je:
This is a common problem. it is not related with cakephp alone..--
when we upload an image, usually we are checking whether its extension
is related to the corresponding picture formats.
But these may be result to great security problem. as in linux we can
create text editor files in any extensions. try it..
open text editor and write anything and save as txt.jpg. it will save
as that pic file.
so the problem is that if anyone created this type of file with a
virus code in it... it will upload success as it is of corresponding
formats. but when we view it it will execute in our browser and do
harm.... so please anybody point out checking the picture file other
than extensions???
pls anyone help......
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment