  1. #76
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    I see now.

    Yes, obviously, you'll either have to do a preg_replace on the uploaded html files to get them to display properly, create a mod_rename (or similar) based system for the images or implement a different method of security, probably platform-based.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?

  2. #77
    SitePoint Wizard geiger's Avatar
    Join Date
    Jul 2001
    Posts
    2,459
    Okay. Ryan, as soon as you read the rest of the thread, shoot me an email and let me know what you're going to do. We really don't have any more time to waste, but it looks to me like you can either do a db or two platform-based solutions. Please get started ASAP. Thanks.

  3. #78
    Super Ninja Monkey Travis's Avatar
    Join Date
    Dec 2001
    Location
    Sioux City, Iowa
    Posts
    691
    Why wouldn't this work?
    PHP Code:
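    <?php
    // Generate a random name for the storage directory.
    $dirname = md5(rand());
    if (@mkdir($dirname, 0777)) {
        echo 'Directory created!';
    }

    // Save the name so the view script can include it later.
    $fp = fopen('dirname.inc.php', 'w');
    fwrite($fp, "<?php \$dirname = '$dirname'; ?>");
    fclose($fp);
    ?>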
    Then just include dirname.inc.php into your view script and you know the name of the dir and no one else will.

    Note: I have not tested this code. There might be some parse errors and such.

    As for viewing files, you can set the headers so that you view them instead of downloading them. You should check for GIF, PNG, JPG, or HTML extensions (file.gif) and set the headers specially for them. Then if the file isn't one of those you can simply use the application/octet-stream (I think that's it) content-type and it will be presented for download.
    Last edited by Trav; Jan 30, 2003 at 20:23.
    Travis Watkins - Hyperactive Coder
    My Blog: Realist Anew
    Projects: Alacarte - Gnome Menu Editor
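
The header handling described in post #78, written out as a gateway script that also checks the session on every request instead of relying on a secret path. This is an added example, not code from the thread; `STORAGE_DIR`, the `file` query parameter and the `user_id` session key are assumptions.

```php
<?php
// Added example, not code from the thread. STORAGE_DIR, the "file" parameter
// and the 'user_id' session key are assumptions made for illustration.
const STORAGE_DIR = '/var/app-data/uploads'; // kept outside the web root

// Types displayed in the browser, as listed in the post; all else downloads.
// Uploaded HTML shown inline runs its scripts in this site's origin, so drop
// 'html' (or serve it from a separate host) if uploaders are not trusted.
const INLINE_TYPES = [
    'gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg',
    'jpeg' => 'image/jpeg', 'html' => 'text/html; charset=utf-8',
];

function resolve_upload($requested): ?string
{
    // Plain file names only: no slashes, no leading dot, so no "../" escapes.
    if (!is_string($requested) || !preg_match('/\A[\w-][\w.-]*\z/', $requested)) {
        return null;
    }
    $path = STORAGE_DIR . '/' . $requested;
    return is_file($path) && !is_link($path) ? $path : null;
}

function response_headers(string $path): array
{
    $ext  = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    $type = INLINE_TYPES[$ext] ?? null;
    return [
        'Content-Type: ' . ($type ?? 'application/octet-stream'),
        'Content-Disposition: ' . ($type ? 'inline' : 'attachment')
            . '; filename="' . basename($path) . '"',
        'Content-Length: ' . filesize($path),
        'X-Content-Type-Options: nosniff', // browser must not re-guess the type
    ];
}

session_start();
if (empty($_SESSION['user_id'])) { // access is decided per request
    http_response_code(403);
    exit;
}
$path = resolve_upload($_GET['file'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit;
}
foreach (response_headers($path) as $line) {
    header($line);
}
readfile($path);
```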

  4. #79
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    The name could get out and then anyone can access it. I think we're gonna go with the DB solution and not worry about HTML files being able to view with the right files in it.

  5. #80
    Super Ninja Monkey Travis's Avatar
    Join Date
    Dec 2001
    Location
    Sioux City, Iowa
    Posts
    691
    Like Killabyte said, that's like saying 'The server could be hacked' and then all your security would be a waste. I see only one problem with the database solution, other than it could get slow, and it's that the DB might have a limit for these things (I believe MySQL has some sort of limit for the size of a blob).
    Travis Watkins - Hyperactive Coder
    My Blog: Realist Anew
    Projects: Alacarte - Gnome Menu Editor

  6. #81
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    MySQL has a large limit. I believe a MEDIUMBLOB can hold up to 15MB and LONGBLOB holds up to WAAAAY more. The limit I believe you're talking about is the limit in php.ini. And I can see what you're talking about with that because not all servers have their php.ini file limits set very high. Isn't there a way to set that limit by PHP? I believe you just set a hidden field in the upload form to like "MAX_FILESIZE" or something and then set your limit there. Am I wrong here?
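
On the limits raised in post #81: PHP's hidden form field is named `MAX_FILE_SIZE`, and it is only a hint the client can change, so it cannot raise the `upload_max_filesize` and `post_max_size` limits set in php.ini. The added example below (not code from the thread) shows the server-side check that distinguishes the two cases; the `userfile` field name, `UPLOAD_DIR` and `APP_MAX_BYTES` are assumptions.

```php
<?php
// Added example, not code from the thread. The form field name "userfile",
// UPLOAD_DIR and APP_MAX_BYTES are assumptions made for illustration.
const UPLOAD_DIR    = '/var/app-data/uploads'; // kept outside the web root
const APP_MAX_BYTES = 5 * 1024 * 1024;         // the application's own ceiling

function accept_upload(array $file): string
{
    // PHP records which limit was hit in the 'error' element of $_FILES.
    switch ($file['error'] ?? UPLOAD_ERR_NO_FILE) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:   // larger than upload_max_filesize in php.ini
            throw new RuntimeException('file exceeds the php.ini upload limit');
        case UPLOAD_ERR_FORM_SIZE:  // larger than the form's MAX_FILE_SIZE hint
            throw new RuntimeException('file exceeds the form MAX_FILE_SIZE');
        default:
            throw new RuntimeException('upload failed or no file sent');
    }

    // Enforce the real limit here; the form field is trivially edited.
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > APP_MAX_BYTES) {
        throw new RuntimeException('not an upload, or larger than APP_MAX_BYTES');
    }

    // Store under a server-chosen random name; the client's name is never
    // used as a path. random_bytes() is a CSPRNG, unlike rand().
    $stored = bin2hex(random_bytes(16));
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $stored)) {
        throw new RuntimeException('could not store upload');
    }
    return $stored;
}

try {
    echo 'stored as ', accept_upload($_FILES['userfile'] ?? []);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo $e->getMessage();
}
```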

  7. #82
    Super Ninja Monkey Travis's Avatar
    Join Date
    Dec 2001
    Location
    Sioux City, Iowa
    Posts
    691
    You should do a search on the topic. There have been many discussions about it and I think most of the solutions were more complex than that. Something to do with memory limits and such I believe (I've never had to upload large files).
    Travis Watkins - Hyperactive Coder
    My Blog: Realist Anew
    Projects: Alacarte - Gnome Menu Editor

  8. #83
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    I understand DoobyWho's apprehension regarding a random, hidden directory as a method of security. There's a good chance that on either a shared host or some other scenario someone may be able to employ a method to find those directories.

    I'll admit that I don't know if MySQL binary storage would be practical... I've never tried it because there has always been a way to secure a directory, which is the preferred solution, as far as I know.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?

