-----Original Message-----
From: Armin Schoech [mailto:armin.schoech@web.de]
Sent: 12 March 2004 08:45
To: suse-security@suse.com
Subject: Re: [suse-security] HTTP File Uploads
Hi,
I'm working on a PHP script to upload user supplied jpg photos to my server.
What are the security issues involved when allowing users to upload files to my server like this?
--> You should restrict the file size in the HTML form and additionally by checking the limit in the PHP script. Otherwise someone could crash your server by filling up your hard disk until 0 bytes are left.
In addition to this you could use a separate partition for this sort of data. If you want to get anal you could mount this partition noexec...? You could also check the file type to ensure it's a JPEG (I don't know what you're intending to do with these files).
Tom.
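
The checks suggested in this thread (a server-side size limit, a content-based JPEG check, storage on a separate partition), put together as an added PHP example that is not part of the original messages. The form field name `photo`, the 2 MiB limit and the `/srv/uploads` path are assumptions.

```php
<?php
// Added example. All names, paths and limits here are assumptions.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;  // assumed limit: 2 MiB
const UPLOAD_DIR = '/srv/uploads';         // assumed: separate partition, mounted noexec

/**
 * Validate one $_FILES entry and store it under a server-chosen name.
 * Returns the stored path; throws RuntimeException when the upload is rejected.
 */
function store_jpeg_upload(array $file): string
{
    // PHP reports its own limits (upload_max_filesize, the form's
    // MAX_FILE_SIZE field) through the error code.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or exceeded a PHP limit');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('not an HTTP upload');
    }
    // Size check in the script: the limit in the HTML form is sent by the
    // client and can be changed there, so it is only a convenience.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file size not allowed');
    }
    // Type check on the file content, not on the client-supplied
    // file name or $file['type'].
    $info = @getimagesize($tmp);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('not a JPEG image');
    }
    // Never reuse the client's file name: pick a random one with a fixed extension.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640);  // no execute bits on stored files
    return $dest;
}

if (isset($_FILES['photo'])) {  // 'photo' is an assumed form field name
    try {
        echo 'stored as ', basename(store_jpeg_upload($_FILES['photo']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ', $e->getMessage();
    }
}
```

The per-file limit does not bound total disk usage; the separate partition (or a quota on it) is what keeps repeated uploads from filling the system disk.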