From the course: PHP Techniques: Working with Files and Directories
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Securing file uploads - PHP Tutorial
From the course: PHP Techniques: Working with Files and Directories
Securing file uploads
- [Instructor] In this movie, we will discuss the security concerns around user uploaded files. My top recommendation is to require a user to log in before they can upload files. Don't let anonymous users upload. Then you'll know if a user abuses their file upload privileges. You can block the user or escalate the issue to other authorities. Users tend to follow the rules better when they know their identity is attached to their actions. Even files by logged in users may contain copyrighted material, offensive content or malware. The user may not realize it. So you should give some thought to whether files will become immediately public or go through a review process. You should also be cautious about opening uploaded files. Opening simple image files is usually fine, but malware can be embedded in executable files or in files that allow macros or scripting like Word or Excel files. It helps to validate the file…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
(Locked)
Configuring PHP for file uploads1m 52s
-
(Locked)
Sending files as form data3m 51s
-
(Locked)
Inspecting uploaded files4m 54s
-
(Locked)
Moving uploaded files5m 7s
-
Handling upload errors4m 2s
-
(Locked)
Setting file permissions6m 7s
-
(Locked)
Securing file uploads2m 15s
-
(Locked)
Challenge: Profile photo3m 48s
-
(Locked)
Solution: Profile photos4m 3s
-
(Locked)
-