
What file type restrictions should I use?


joeyjj


Hello again,

 

I'm attempting to build my first website and I'm a complete beginner.

 

I have a question regarding file type restrictions when uploading to a database. I am currently using the MAMP program rather than an actual online server and the MySQL version is: MySQL 5.1.44.

 

I want to have one column in a table for virtually any type of file a user would wish to load, .mov, .jpg, .doc, .pdf, etc.

 

From the tutorials I've been reading it suggests for security reasons, you should add restrictions on what the user is allowed to upload.

 

The idea is that they can actually upload anything they want. Is security really a threat by doing this? And what would the threat be? As I don't really know much about security.

 

If so, should there be any types of files that I would be wise to restrict? Would it be wise, for example, to restrict uploads that are .php scripts, as that is what I have written the website code in?

 

It would change the whole concept of this aspect of my website if I were to only allow certain files so I would prefer to limit the users as little as possible.

 

Sorry if this is a silly question, like I say I don't really know much about security. I've only gone as far as encrypting passwords as there won't be any sensitive data being stored.

 

 


It's hard to restrict every possible filetype that can carry a malicious script, seeing as a .jpg file can really be a bunch of JavaScript code which steals your cookie information and gains access to another user's account. But you can do other things, like validate that the files uploaded are actually the correct file and, if the file is a text file, turn the <'s and >'s into &lt;'s and &gt;'s. Or you could only allow specific file types. It depends on why you want to allow users to upload any file they want when sites like megaupload.com exist.

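One way to apply the suggestions in the reply above (check that the content matches the claimed type, allow only specific types, escape text before display), as an added example that is not part of the original thread. The allowlist, the names `ALLOWED`, `check_upload` and `render_text`, and the sample bytes are assumptions; it assumes PHP 7.1+ with the fileinfo extension enabled.

```php
<?php
// Added example: allowlist, function names and sample bytes are illustrative.
// Extension => MIME type that finfo (libmagic) must report for the content.
const ALLOWED = [
    'jpg' => 'image/jpeg',
    'gif' => 'image/gif',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
    'txt' => 'text/plain',
];

// Returns a server-generated storage name, or null if the upload is rejected.
function check_upload(string $clientName, string $bytes): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;                 // e.g. .php, .html, or no extension
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($detected !== ALLOWED[$ext]) {
        return null;                 // content is not what the name claims
    }
    // Never reuse the client's file name; generate our own.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Text uploads are only ever shown with <, >, & and quotes escaped.
function render_text(string $bytes): string
{
    return htmlspecialchars($bytes, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: a minimal GIF header and a script payload.
$gif    = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";
$script = "<script>alert(1)</script>";

var_dump(check_upload('photo.gif', $gif) !== null); // accepted
var_dump(check_upload('photo.jpg', $script));       // script posing as .jpg
var_dump(check_upload('page.php', $script));        // extension not allowed
echo render_text($script), "\n";
```

In a real upload handler the bytes would come from `$_FILES[...]['tmp_name']` after `is_uploaded_file()` succeeds, and the returned name would be the key under which the file is stored, whether in the database or outside the web root.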
