Drongo_III
Posted November 24, 2013

Hi Guys

I am after a little advice. I'm working on a fairly large volume site (2-3 mill hits a month) for a large company. The reason this is significant will become clear.

I'm creating a multistage signup form (though it is very specific and volumes are likely to be quite low) and part of it requires image uploads: around 2-6 images with a max total file size of around 10MB. However, I am a little concerned as to whether this image upload represents a vulnerability.

Images get uploaded halfway through the registration process irrespective of whether the user completes, because we use the uploaded images to display as thumbnails in the page as they upload each one. I have a cron script set to run each day that cleans down images of more than 1 day old that don't have a corresponding database record. But my concern is that if someone wanted to attack the form they could probably automate an upload to the site over and over and potentially cause big problems.

I was wondering if anyone else had ever encountered the same issue or concern and how you recommend getting around it.

Possible ways I can think of are:

- Log IPs and deny multiple submissions from the same IP
- Run the cron more frequently to clean up

I have also considered some sort of unload ajax event that would call a cleanup script, but I wasn't sure that would really fix this issue since a seasoned attacker would likely circumvent that quite easily.

Any advice is very welcome.

Drongo
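The per-IP limit suggested in the post, sketched as an added example (not code from the thread or the site): a server-side budget that caps how many files and bytes one client may have uploaded without a completed signup. The class name, the client key (an IP here; a session token works the same way) and the 24-hour window are assumptions; the file and size limits are the ones the post states.

```python
import time
from collections import defaultdict, deque

MAX_FILES = 6                    # post: 2-6 images per signup
MAX_BYTES = 10 * 1024 * 1024     # post: around 10MB in total
WINDOW_SECONDS = 24 * 3600       # assumed: same age as the daily orphan cleanup


class UploadBudget:
    """Per-client sliding-window cap on uploads not yet tied to a signup."""

    def __init__(self, max_files=MAX_FILES, max_bytes=MAX_BYTES,
                 window=WINDOW_SECONDS, clock=time.time):
        self.max_files, self.max_bytes = max_files, max_bytes
        self.window, self.clock = window, clock
        self._pending = defaultdict(deque)   # client key -> (timestamp, size)

    def _expire(self, key):
        # Drop entries old enough that the cleanup job has removed the files.
        cutoff = self.clock() - self.window
        queue = self._pending[key]
        while queue and queue[0][0] <= cutoff:
            queue.popleft()
        return queue

    def try_reserve(self, key, size):
        """Record the upload and return True if it fits, else return False."""
        if size <= 0 or size > self.max_bytes:
            return False
        queue = self._expire(key)
        used = sum(s for _, s in queue)
        if len(queue) >= self.max_files or used + size > self.max_bytes:
            return False
        queue.append((self.clock(), size))
        return True

    def release(self, key):
        """Call once the signup is saved: its files are no longer orphans."""
        self._pending.pop(key, None)
```

The check has to run before the file is written to disk, and the size passed in should be the byte count the server measured, not a value supplied by the client.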