How to Securely Upload Images

Well, for the first time, I just added to my website the concept of “Member Accounts” (i.e. Register, Log-In, Log-Out, Change Password, Reset Password).

Now I would like to create “Member Profiles” similar to what SitePoint offers.

Specifically, I am looking for a SECURE way to allow new Members to upload a small picture of themselves and add it to their Member Profile.

I have read up some on this topic, but mostly the info I have found online involves heated debates about what IS and IS NOT “secure”.

Is it “suicide” to even offer this functionality? (Must not be if SitePoint allows it?!)

Anyways, here are some things I think need to be checked, but I could use some help here…

Security Checks for Uploaded Images
1.) Is the File an Image (e.g. JPEG, JPG, PNG)

2.) How big is the Image?

3.) Strip off EXIF (or whatever it is called) meta-data from Image

4.) Make sure PHP or EXE files cannot be uploaded

5.) Make sure hackers can’t find their way into my website, my files, and my database by allowing them to upload Images

I’m not sure how much work is involved to do what I want, but am hoping it is attainable and that you guys can help me get started.
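
The five checks listed in the post above, sketched as one PHP upload handler. This is an added example, not part of the original post or code from any poster; the function name `store_avatar`, the size limits and the storage directory are assumptions chosen for illustration.

```php
<?php
// Added example. Assumed values: the limits and the storage path below.
const MAX_BYTES  = 2 * 1024 * 1024;             // assumed upload size limit
const MAX_SIDE   = 2000;                        // assumed max width/height in pixels
const AVATAR_DIR = '/var/www/private/avatars';  // assumed, outside the web root

// $file is one entry of $_FILES, e.g. $_FILES['avatar'] (assumed field name).
function store_avatar(array $file): string
{
    // Accept only a completed HTTP upload of acceptable size.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Upload rejected');
    }

    // Check 1: decide the type from the file's bytes, never from the
    // client-supplied file name or $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $extByMime = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
    if (!isset($extByMime[$mime])) {
        throw new RuntimeException('Not a JPEG or PNG');
    }

    // Check 2: pixel dimensions, read from the header before a full decode.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        throw new RuntimeException('Bad or oversized image');
    }

    // Check 3: decode and re-encode with GD. Only pixel data is written
    // back out, so EXIF and any bytes appended to the file are dropped.
    $img = imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('Image could not be decoded');
    }

    // Checks 4 and 5: the server picks a random name and a fixed extension,
    // so nothing from the uploader's file name reaches the filesystem, and
    // the file lands in a directory the web server does not execute from.
    $name = bin2hex(random_bytes(16)) . '.' . $extByMime[$mime];
    $dest = AVATAR_DIR . '/' . $name;
    if ($mime === 'image/png') {
        imagesavealpha($img, true);             // keep PNG transparency
        $ok = imagepng($img, $dest);
    } else {
        $ok = imagejpeg($img, $dest, 85);
    }
    if (!$ok) {
        throw new RuntimeException('Could not save image');
    }
    return $name; // store this value in the member's profile record
}
```

Because the stored file is always the re-encoded copy, the original upload in `tmp_name` is never moved into place and is discarded by PHP at the end of the request.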



Off Topic:

In reality, I’m ignorant of such issues, but I’ll just mention another option, for what it’s worth. A lot of people have their custom avatar appear any time they get involved with many sites around the web, even if they haven’t signed up to that site. That’s because they’ve signed up for something like a Gravatar (or even Facebook), which matches their avatar to their email address right across the web. So perhaps you could look into allowing that option on your site. It’s just a thought, anyhow. (It still surprises me when I visit a site I’ve never seen before and there’s my avatar, staring back at me. Kinda weird, really.)

Off Topic:

Interesting suggestion.