...

View Full Version : uploading file security Q



FJbrian
02-05-2007, 07:21 AM
I have a script that basically parses an orderred list of mine and splices+displays it in table format etc.
I would like to allow visitors to upload their own txt or csv file and use their own list.
In the past I used some generic FORM and some SOB uploaded a virus or somesuch. Naturally I took that uploading function out and reverted back to just my orderred list.

My Q is how do you guard against such attacks?
The list would be just football player names separated by commas.
Is there a way to say query the uploaded file for "Peyton Manning" and if he's not there then it doesn't accept the upload?
Just an idea, feel free to suggest other ideas

_Aerospace_Eng_
02-05-2007, 10:31 AM
You would need to check the file type on the server side. If its a text file then move it from the temp directory. Seems like your old upload script allowed any file type allowing the person to upload the virus.

FJbrian
02-07-2007, 09:00 PM
how do you check file type?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum