[FX.php List] [OFF] Potential gotchas with uploading files?

Anders Monsen andersm at alamark.com
Thu Apr 2 21:49:59 MDT 2009


Not sure if your users will be able to see the upload directory path, but if this is the case and the path can be accessed via web browser, then they may end up with access to the entire directory via a browser. One way around this is to include an index.html file in that directory with a gentle message to the user. This way, if they put the directory path and a trailing slash they will see the contents of this file rather than the directory listing with options to download the files.

--
Anders Monsen


-----Original Message-----
From: fx.php_list-bounces at mail.iviking.org on behalf of Bob Patin
Sent: Thu 4/2/2009 10:18 PM
To: FX.php Discussion List
Subject: Re: [FX.php List] [OFF] Potential gotchas with uploading files?
 
Good point about the filesizes; there are a couple of filesize  
settings in PHP that you'll want to bump up--max file size is one, and  
there's a 2nd one, but I forget the name now. If you look for 'max'  
after pulling up phpinfo() on a page, you'll find it. If I remember  
correctly, they're set to 2MB by default.



Bob Patin



Longterm Solutions
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
Twitter: bobpatin
iChat: bobpatin
AIM: longterm1954
FileMaker 9 Certified Developer
Member of FileMaker Business Alliance & FileMaker TechNet
--------------------------
FileMaker hosting and consulting for all versions of FileMaker
Web hosting . PHP . Full email services . Free DNS hosting .  
Colocation . Consulting

On Apr 2, 2009, at 9:57 PM, Dale Bengston wrote:

> Hi Joel,
>
> The biggest headaches I've had with file upload have come from PHP  
> and Apache settings for file sizes and memory allocations. They're  
> set pretty low by default. Depending on what you're allowing for  
> uploads, this may not be an issue at all, but it got me. Also,  
> validate, validate, validate what's being uploaded.
>
> On Apr 2, 2009, at 9:15 PM, Joel Shapiro wrote:
>
>> Hi all
>>
>> I'm looking for thoughts on how complicated an upload-file site can  
>> be.
>>
>> I've got a potential new project that would involve people  
>> uploading files via the Web and then having those files accessible  
>> to FMP clients.  I haven't worked with uploading before, but I've  
>> successfully put together the basics of uploading files and moving  
>> them to a specified directory.  In my brief experimenting, though,  
>> I've already seen issues with access privileges of the uploaded  
>> files (on my development machine) and UPLOAD_ERR_NO_TMP_DIR errors  
>> on my regular web host.  I'm also aware that there are security  
>> concerns when uploading files to a server, and know that servers  
>> and php can be configured quite differently in different machines  
>> and environments (it's not yet determined if the site will be  
>> hosted internally or through an external FM host).  FWIW - I'd  
>> probably leave files in their directory(ies) on the web server and  
>> have the FMP clients get to them via their network paths, so I'm  
>> not very concerned about that part of it.
>>
>> For those that have worked with this, what kinds of problems  
>> should I be ready for?  Could this be a big headache?
>>
>> TIA,
>> -Joel
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
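
The points raised in this thread (upload error codes such as UPLOAD_ERR_NO_TMP_DIR, size limits, validating what is uploaded, file permissions, and keeping the upload directory from being browsable) can be combined in one handler. This is an added example, not code posted by anyone on the list; it assumes PHP 7 or later, and the form field name `upload`, the directory `/var/app-uploads`, the size cap and the allow-list are all hypothetical.

```php
<?php
// Added example: hypothetical field name, paths and allow-list.
const UPLOAD_DIR = '/var/app-uploads';   // assumption: outside the web root, so no URL maps to it
const MAX_BYTES  = 5 * 1024 * 1024;      // assumption: application limit, at or below PHP's own limits
const ALLOWED    = [                     // assumption: detected MIME type => extension we store it under
    'application/pdf' => 'pdf',
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
];

function store_upload(array $file): string
{
    // PHP reports size-limit and temp-dir problems through the error code.
    switch ($file['error'] ?? UPLOAD_ERR_NO_FILE) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            throw new RuntimeException('File exceeds the configured size limit.');
        case UPLOAD_ERR_NO_TMP_DIR:
            throw new RuntimeException('Server has no upload temp directory (check upload_tmp_dir).');
        default:
            throw new RuntimeException('Upload failed with code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Rejected: not an HTTP upload or too large.');
    }
    // Decide the type from the content, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('Rejected: file type not allowed.');
    }
    // Server-generated name: no user-controlled path components or extensions.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not move upload into place.');
    }
    chmod($dest, 0640);   // readable by owner/group only, never executable
    return $name;
}

if (isset($_FILES['upload'])) {
    try {
        echo 'Stored as ' . store_upload($_FILES['upload']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

If the directory has to stay under the web root, Apache's `Options -Indexes` turns off the directory listing for it.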

