Jump to content

Recreating An Uploaded Image to Protect It Against Virus ?


Recommended Posts

Hi All,

 

Is recreating an uploaded image an efficient way to protect it against a potential virus ?

 

I came across this solution at the following address : http://security.stackexchange.com/questions/26690/use-php-to-check-uploaded-image-file-for-malware

 

at the paragraph starting with "Best I can think for PHP is to re-create the image".

 

Thanks

It's a very common area for questions, as this efficient way can have several options and methods depend on which environments the server is, assuming you are on UNIX/Linux environment. Without going into too much details, I'm going to try and give some tips use for you.

1. Use input validation to ensure the uploaded filename uses an expected extension type

2. Ensure the uploaded file is not larger than a defined maximum file size

3. Ensure the image is served with the correct content type (image/jpeg, image/png, etc..)

4. Ensure the uploaded directory has correct file/directory permissions itself.

5. Ensure the uploaded file has not executable rights.

6. Use some Apache techniques like ".htaccess" and ".htpasswd" which provides server configuration options on a per-directory basis.

7. Use image rewriting libraries in php to verify the image is valid and to strip away extraneous content.

8. Set the extension of the stored image to be a valid image extension based on the detected content type of the image. Do not just trust the header from the upload php script


So, I think this could covered of the very basic of security measures and hope it has helped you.

jazz.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.