SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    PHP Programmer QReyes's Avatar
    Join Date
    Oct 2001
    Location
    Philippines
    Posts
    698
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation Protection against embedded PHP image

    I've read several months ago somewhere a security issue behind images whereas a programmer can conceal a PHP program as an image.

    For instance, someone tried to use http://www.example.com/php_image.jpg as a remote avatar. Embedded in the php_image.jpg is a PHP code which tries to conceal itself as an image.

    Is there a way to protect my site against this?

    What about uploads? How can I protect my site against volatile files?
    The Star Circle Quest Community - Community website for SCQ fans.
    Telebisyon.net - Reference guide to TV series shown in the Philippines.
    Lyrics Server Online! - All the lyrics you can get on one website.

  2. #2
    Non-Member
    Join Date
    Nov 2003
    Location
    here
    Posts
    258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i think its only possible if you link to an offsite avatar.

    answer - dont do it..its a security risk, get the lazy ****s to upload their own avatar.

  3. #3
    SitePoint Addict DM3Dan's Avatar
    Join Date
    Sep 2004
    Location
    Albany, NY
    Posts
    204
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Did anyone else click that link?

    Anyways, yes, it is a security risk. Try to avoid it.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •