Reputation: 704
Image upload security concern
Some background info: I am developing a website, on which users will have profiles and will be able to upload profile pictures. I am not very experienced, and do not have lots of time available on my hands (as I do it in my free time). Yet I am aware that uploads can leave a huge security gap for any website if implemented incorrectly.
My actual question: Is it safe to limit images to, say .gif, .jpg and .png extensions, knowing the server can only parse php files (don't know if I'm using the terminology correctly)? Or is there some other security risk in doing this? Note, I also store the files in a private directory after renaming them with random numbers, and pass them through a php file whenever it is necessary.
Upvotes: 0
Views: 116
Answers (1)
Reputation: 524
Additional safeguards you could use: limit the size of the uploaded file
Upvotes: 1