securing an image in php

[darkcarnival]

hi,

i found a tutorial on this but now i cant find it anymore :( :'(

basically I'm trying to figure out how you would protect an image form executing php code.

from what i read, if you enter php code in a program like gimp or PS, it'll execute when the image is included in a php program.

does anyone know how to prevent such a thing to happen? if so, please let me know.

thanks :)

[neohunter]

if you enter text on PS... php code... when you save the iamge... is just an image... i really dont understand

[fert]

why would the web sever parse images?

[darkcarnival]

somewhere i read this but i cant find the link anymore.

i was hoping someone could confirm this or just say im worring over nothing.

[mainewoods]

nobody includes images in php programs:
[code]include "image.gif"; //???[/code]
are you taking about the image exploit hack that surfaced maybe a year ago?  That hack only became active when loaded in certain vulnerable graphics apps(I think it exploited vector graphics capabilies).  That didn't affect php, it  is a desktop security issue requiring patches.

[darkcarnival]

oh ok then.

like i said i lost the link, so i want to get a confirm on this.

thanks for the confirming on this issue.

[ess14]

i think what your talking about is an injection attack.

this is where if you have a file upload utility for someone to use they could upload an image that is not actually an image, it would have malicious code in it.

http://php.robm.me.uk/

there is a good readup on SQL injection attacks for you to read.
make sure u sanitize any data being input by ur user and u'll be fine.