Monday, August 31, 2009

Re: File Uploads: What security-issues I have to take care of?

Yeah, but that's pretty pointless if you're just uploading images.

But yes what you said would be the ideal situation if you want to do a
download system, or supply files to users.

On Aug 31, 4:56 am, Stinkbug <justink...@gmail.com> wrote:
> There is one thing to keep in mind when uploading files and that's the
> security risks in uploading files to the webroot where people can
> access them directly.  It's generally recommended to upload files to a
> directory outside of the webserver's document root and give them a
> unique name, so that the file can't be accessed directly.  Store a
> reference in the database as a pointer to the file on the file
> system.  Then you can use Cake's Media view to access the file.
>
> This helps prevent people from uploading a malicious file and then
> executing it on the server.  On top of that you can do all kinds of
> server authentication or even use the ACL to grant proper permissions
> to the files.
>
> On Aug 30, 10:51 am, DigitalDude <e.blumsten...@googlemail.com> wrote:
>
> > Hey,
>
> > in my first "real" and own project, I want to implement the ability to
> > upload files to a user's account. The filetypes I need to be able to
> > upload are:
>
> > - PDF
> > - JPG
> > - GIF
> > - PNG
> > - XLS
> > - DOC
> > - OpenOffice Documents
> > - ZIP
> > - RAR
>
> > Before I start to implement a file-uploading action, I need to
> > consider what are the security-risks of fileuploads in general, and in
> > case of any of the listed filetypes above.
>
> > What are the dangers of these filetypes, and how can I prevent myself
> > and my server from getting in danger?
>
> > Regards,
>
> > DD
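The pattern Stinkbug describes (whitelist the type, store under a random name outside the document root, keep a database row as the pointer, hand the file out through a controller action) as an added example; this is not code from the thread or from CakePHP. It is plain PHP so it runs without the framework: the functions acceptUpload and serveDownload, the STORE_DIR path and the uploads table layout are all assumptions, and the whitelist covers only some of the types DigitalDude listed. Where the reply uses Cake's Media view for the last step, this example streams the file with readfile so the headers are visible.

```php
<?php
// Added example, not code from the original thread. Names below are hypothetical.
declare(strict_types=1);

// Storage directory OUTSIDE the webserver document root (assumed path).
const STORE_DIR = '/var/app/uploads';

// Whitelist: extension => MIME types accepted as sniffed from the file CONTENT.
// $_FILES[...]['type'] is client-supplied and is deliberately not consulted.
const ALLOWED = [
    'pdf' => ['application/pdf'],
    'jpg' => ['image/jpeg'],
    'gif' => ['image/gif'],
    'png' => ['image/png'],
    'zip' => ['application/zip'],
];

/**
 * Validate one $_FILES entry, move it out of the webroot under a random name,
 * and insert the database row that acts as the pointer to the file.
 */
function acceptUpload(array $file, PDO $db, int $userId): array
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed: ' . $file['error']);
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException("content ($mime) does not match .$ext");
    }
    // Random, non-guessable name with no extension; the original name is metadata only,
    // so the stored path never contains anything the uploader chose.
    $stored = bin2hex(random_bytes(16));
    $dest = STORE_DIR . '/' . $stored;
    if (!is_uploaded_file($file['tmp_name']) || !move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0600); // no execute bit; readable by the application user only

    // Assumed table: uploads(id, user_id, stored_name, original_name, mime, size)
    $stmt = $db->prepare(
        'INSERT INTO uploads (user_id, stored_name, original_name, mime, size) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$userId, $stored, basename($file['name']), $mime, filesize($dest)]);
    return ['id' => (int) $db->lastInsertId(), 'stored_name' => $stored, 'mime' => $mime];
}

/**
 * Serve a stored file by database id, only to the user who owns it. This is the
 * step the reply delegates to Cake's Media view; plain PHP is used here instead.
 */
function serveDownload(PDO $db, int $id, int $userId): void
{
    $stmt = $db->prepare(
        'SELECT stored_name, original_name, mime FROM uploads WHERE id = ? AND user_id = ?'
    );
    $stmt->execute([$id, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        http_response_code(404);
        return;
    }
    // stored_name is the hex value we generated, never user input, so no path traversal.
    $path = STORE_DIR . '/' . $row['stored_name'];
    header('Content-Type: ' . $row['mime']);
    header('X-Content-Type-Options: nosniff');
    // "attachment" makes browsers download instead of render, so a file that passed
    // the whitelist but carries active content is not executed in the site's origin.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['original_name']);
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}
```

The two checks that matter most are that the stored path is built from a value the application generated (so the database row, not the request, decides which file is read) and that the MIME type is taken from the file's bytes rather than from the browser. Types such as DOC, XLS and RAR can be added to ALLOWED with the MIME strings finfo reports for them on the target server.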
You received this message because you are subscribed to the Google Groups "CakePHP" group.
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en