Cam
Administrator
[M:5000]
Posts: 6,381
|
Post by Cam on May 4, 2011 7:32:12 GMT
Wow, they are easy! I'm customising it to decline certain file types. Has anyone tried making one? The basics are simple, the uploading part, but the security is hard!
|
|
Nick
VIP
v5 Beta Tester[M:5000]
Philadelphia Eagles: 8-8
Posts: 2,239
|
Post by Nick on May 5, 2011 1:41:33 GMT
Does your uploader rename the files once they are uploaded?
|
|
edenwax
VIP
v5 Beta Tester[M:5000]
Posts: 1,266
|
Post by edenwax on May 5, 2011 1:48:33 GMT
"So I made an uploader"
|
Post by Nick on May 5, 2011 3:12:42 GMT
|
Post by Cam on May 5, 2011 3:25:28 GMT
"Does your uploader rename the files once they are uploaded?"
Partly. Say your image is called coders.png, it would be 11coders.png or any number up to 99.
|
Post by edenwax on May 5, 2011 5:23:38 GMT
|
Post by Nick on May 5, 2011 13:18:43 GMT
I'm totally in denial. Do you have a link to your uploader so we can test it for security flaws??
|
|
xcessive
Epic Poster
.[M:5000]
Posts: 526
|
Post by xcessive on May 5, 2011 13:37:13 GMT
"I'm totally in denial. Do you have a link to your uploader so we can test it for security flaws??"
Do it.
|
Post by Cam on May 5, 2011 19:16:53 GMT
I will soon. There already are a few flaws which I need to fix first, like limiting file types.
|
Post by Nick on May 6, 2011 2:34:26 GMT
Why not just make a script that only allows certain file types? The list would be shorter and more secure.
|
Post by Cam on May 6, 2011 3:24:46 GMT
MEH! I don't know lol.
|
Post by xcessive on May 6, 2011 12:35:18 GMT
finfo_open(FILEINFO_MIME_TYPE)
|
Post by Cam on May 9, 2011 3:44:05 GMT
What would be some good file extensions to block?
|
Post by edenwax on May 9, 2011 6:34:44 GMT
Wat.
Why don't you block all but certain file types? Much more secure that way.
|
Post by Cam on May 9, 2011 8:52:49 GMT
There is a good idea, I will try to show this to you guys in the next few days, working hard on it!
|
Post by Nick on May 9, 2011 13:08:51 GMT
"Wat. Why don't you block all but certain file types? Much more secure that way."
Haha! That's what I said!
|
Post by Cam on May 10, 2011 3:13:07 GMT
So far I've got blocked: php php3 html htm ajax js bat asp aspx mspx exe
|
|
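The allowlist approach suggested in the thread, combined with the `finfo_open(FILEINFO_MIME_TYPE)` content check, as an added example that is not code from the thread or from Cam's uploader. The allowed image types, the function names `storedNameFor` and `handleUpload`, and the destination directory are assumptions; the sample bytes at the end are constructed.

```php
<?php
declare(strict_types=1);

// Allowlist: detected MIME type => extension the stored file receives.
// The set of types is an assumption for an image uploader.
const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Return the name to store an uploaded temp file under, or null to reject it.
 * The client-supplied file name and Content-Type are never consulted.
 */
function storedNameFor(string $tmpPath): ?string
{
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = $finfo ? finfo_file($finfo, $tmpPath) : false; // sniffed from content
    $ext   = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        return null; // anything not on the list is refused
    }
    // Unpredictable name; the extension comes from the allowlist, not the upload.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Handle one entry of $_FILES; $destDir is a hypothetical upload directory. */
function handleUpload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = storedNameFor($file['tmp_name']);
    if ($name === null) {
        return null;
    }
    // move_uploaded_file() also verifies the path is a genuine HTTP upload.
    return move_uploaded_file($file['tmp_name'], "$destDir/$name") ? $name : null;
}

// Constructed sample input: the start of a PNG file and a piece of PHP source.
$samples = ['PNG bytes' => "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR", 'PHP source' => "<?php echo 1;"];
foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    printf("%-10s => %s\n", $label, storedNameFor($tmp) ?? 'rejected');
    unlink($tmp);
}
```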