Thread: How to Securely Upload Images

  1. #1
    DoubleDee

    How to Securely Upload Images

    Well, for the first time, I just added to my website the concept of "Member Accounts" (i.e. Register, Log-In, Log-Out, Change Password, Reset Password).

    Now I would like to create "Member Profiles" similar to what SitePoint offers.

    Specifically, I am looking for a SECURE way to allow new Members to upload a small picture of themselves and add it to their Member Profile.

    I have read up some on this topic, but mostly the info I have found online involves heated debates about what IS and IS NOT "secure".

    Is it "suicide" to even offer this functionality? (Must not be if SitePoint allows it?!)

    Anyways, here are some things I think need to be checked, but I could use some help here...

    Security Checks for Uploaded Images
    1.) Is the File an Image (e.g. JPEG, JPG, PNG)

    2.) How big is the Image?

    3.) Strip off EXIF (or whatever it is called) meta-data from Image

    4.) Make sure PHP or EXE files cannot be uploaded

    5.) Make sure hackers can't find their way into my website, my files, and my database by allowing them to upload Images

    I'm not sure how much work is involved to do what I want, but am hoping it is attainable and that you guys can help me get started.

    Thanks,


    Debbie
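
The checks listed in the post above, narrowed to JPEG and written with only the Python standard library, as an added example that is not code from this thread or from SitePoint. The names `MAX_BYTES`, `strip_jpeg`, `accept_upload` and `seg` and the 512 KB limit are assumptions made for the example; the file type is decided from the file's own bytes, and the stored name is chosen by the server.

```python
import secrets
import struct

MAX_BYTES = 512 * 1024   # assumed size limit for a small profile picture
# Segments removed: APP1-APP13 and APP15 (EXIF, XMP, ICC, IPTC) and COM comments.
# APP0 (JFIF) and APP14 (Adobe colour transform) are kept so the picture still decodes.
DROP = set(range(0xE1, 0xEE)) | {0xEF, 0xFE}

def strip_jpeg(data):
    """Return the JPEG without metadata segments or bytes after the end marker."""
    if not data.startswith(b"\xff\xd8\xff"):          # checks content, not the file name
        raise ValueError("not a JPEG")
    out, pos = [b"\xff\xd8"], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt JPEG segment")
        marker, seg_len = data[pos + 1], struct.unpack(">H", data[pos + 2:pos + 4])[0]
        end = pos + 2 + seg_len
        if marker == 0xDA:                            # start of scan: pixel data follows
            eoi = data.find(b"\xff\xd9", end)         # first end-of-image marker
            if eoi < 0:
                raise ValueError("JPEG has no end-of-image marker")
            return b"".join(out) + data[pos:eoi + 2]  # appended bytes are discarded
        if marker not in DROP:
            out.append(data[pos:end])
        pos = end
    raise ValueError("JPEG has no image data")

def accept_upload(data):
    """Return (server-chosen file name, cleaned bytes); raise ValueError to reject."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    # The name comes from the server, so a client name like avatar.php is never used.
    return secrets.token_hex(16) + ".jpg", strip_jpeg(data)

def seg(marker, body):
    """Build one JPEG segment: FF, marker, 2-byte length (includes itself), body."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body

# Constructed sample: a JPEG skeleton (not a decodable photo) with a script hidden
# in the EXIF segment and more bytes appended after the end-of-image marker.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, b"Exif\x00\x00<?php /* constructed */ ?>")
          + seg(0xDB, bytes(65)) + seg(0xDA, bytes(10)) + b"\x12\x34\xff\x00\x56"
          + b"\xff\xd9" + b"<?php /* constructed trailer */ ?>")

if __name__ == "__main__":
    name, clean = accept_upload(SAMPLE)
    print(name, len(SAMPLE), "->", len(clean), b"<?php" in clean)
```

PNG uploads would need the equivalent filter over PNG chunks. The cleaned file should also be written to a directory the web server serves as static content only, since the filter does not inspect the pixel data itself.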

  2. #2
    ralph.m
    Off Topic:

    In reality, I'm ignorant of such issues, but I'll just mention another option, for what it's worth. A lot of people have their custom avatar appear any time they get involved with many sites around the web, even if they haven't signed up to that site. That's because they've signed up for something like a Gravatar (or even Facebook), which matches their avatar to their email address right across the web. So perhaps you could look into allowing that option on your site. It's just a thought, anyhow. (It still surprises me when I visit a site I've never seen before and there's my avatar, staring back at me. Kinda weird, really.)

  3. #3
    DoubleDee
    Off Topic:

    Quote, originally posted by ralph.m:
    In reality, I'm ignorant of such issues, but I'll just mention another option, for what it's worth. A lot of people have their custom avatar appear any time they get involved with many sites around the web, even if they haven't signed up to that site. That's because they've signed up for something like a Gravatar (or even Facebook), which matches their avatar to their email address right across the web. So perhaps you could look into allowing that option on your site. It's just a thought, anyhow. (It still surprises me when I visit a site I've never seen before and there's my avatar, staring back at me. Kinda weird, really.)
    Interesting suggestion.


    Debbie

