View Full Version : uploading file security Q

02-05-2007, 07:21 AM
I have a script that basically parses an orderred list of mine and splices+displays it in table format etc.
I would like to allow visitors to upload their own txt or csv file and use their own list.
In the past I used some generic FORM and some SOB uploaded a virus or somesuch. Naturally I took that uploading function out and reverted back to just my orderred list.

My Q is how do you guard against such attacks?
The list would be just football player names separated by commas.
Is there a way to say query the uploaded file for "Peyton Manning" and if he's not there then it doesn't accept the upload?
Just an idea, feel free to suggest other ideas

02-05-2007, 10:31 AM
You would need to check the file type on the server side. If its a text file then move it from the temp directory. Seems like your old upload script allowed any file type allowing the person to upload the virus.

02-07-2007, 09:00 PM
how do you check file type?