Emilis Dambauskas - 2007-06-20 08:29:59
IMHO it is more elegant to solve the problem in the web server layer.
Just disable all scripting for the uploaded file directory (Apache example):
<Directory /var/www/mysite/uploads/>
AllowOverride None
AddType text/plain .php .phtml .php3 .phps .pl .cgi
</Directory>
"AllowOverride None" disables .htaccess scripts, which can be uploaded too.
If you have a separate server for uploads, then don't install php, perl, cgi, etc. on it and you'll be safe.
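A way to check that a deployed configuration still matches the block in the comment above. This is an added example, not part of the original post: the function name audit_upload_dir and both sample configs are constructed for illustration, and the parser handles only a plain <Directory> block with one directive per line.

```python
import re

# Extensions the comment above remaps to text/plain.
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".phps", ".pl", ".cgi"}
BLOCK_RE = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.I | re.S)

def audit_upload_dir(conf_text, path):
    """Return findings for the <Directory path> block (empty list = matches the post)."""
    body = next((m.group(2) for m in BLOCK_RE.finditer(conf_text)
                 if m.group(1).rstrip("/") == path.rstrip("/")), None)
    if body is None:
        return ["no <Directory> block for " + path]
    override, plain = None, set()
    for raw in body.splitlines():
        words = raw.strip().split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment line
        name, args = words[0].lower(), [w.lower() for w in words[1:]]
        if name == "allowoverride":
            override = args
        elif name == "addtype" and args[:1] == ["text/plain"]:
            plain.update(e if e.startswith(".") else "." + e for e in args[1:])
    findings = []
    if override != ["none"]:
        findings.append("AllowOverride None not set: an uploaded .htaccess may be honoured")
    missing = sorted(SCRIPT_EXTS - plain)
    if missing:
        findings.append("not remapped to text/plain: " + " ".join(missing))
    return findings

# Constructed sample configs: the block from the post, and a weakened variant.
HARDENED = """
<Directory /var/www/mysite/uploads/>
AllowOverride None
AddType text/plain .php .phtml .php3 .phps .pl .cgi
</Directory>
"""
WEAK = """
<Directory "/var/www/mysite/uploads">
AllowOverride All
AddType text/plain .php .pl
</Directory>
"""

if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_upload_dir(conf, "/var/www/mysite/uploads"))
```

The check reads only the one <Directory> block; handlers assigned elsewhere in the server configuration (for example with SetHandler) are outside what it sees and need a separate review.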