darkcarnival Posted November 27, 2006 Share Posted November 27, 2006 hi,i found a tutorial on this but now i cant find it anymore :( :'(basically I'm trying to figure out how you would protect an image form executing php code.from what i read, if you enter php code in a program like gimp or PS, it'll execute when the image is included in a php program.does anyone know how to prevent such a thing to happen? if so, please let me know.thanks :) Quote Link to comment Share on other sites More sharing options...
neohunter Posted November 27, 2006 Share Posted November 27, 2006 if you enter text on PS... php code... when you save the iamge... is just an image... i really dont understand Quote Link to comment Share on other sites More sharing options...
fert Posted November 27, 2006 Share Posted November 27, 2006 why would the web sever parse images? Quote Link to comment Share on other sites More sharing options...
darkcarnival Posted November 27, 2006 Author Share Posted November 27, 2006 somewhere i read this but i cant find the link anymore.i was hoping someone could confirm this or just say im worring over nothing. Quote Link to comment Share on other sites More sharing options...
mainewoods Posted November 27, 2006 Share Posted November 27, 2006 nobody includes images in php programs:[code]include "image.gif"; //???[/code]are you taking about the image exploit hack that surfaced maybe a year ago? That hack only became active when loaded in certain vulnerable graphics apps(I think it exploited vector graphics capabilies). That didn't affect php, it is a desktop security issue requiring patches. Quote Link to comment Share on other sites More sharing options...
darkcarnival Posted November 27, 2006 Author Share Posted November 27, 2006 oh ok then.like i said i lost the link, so i want to get a confirm on this.thanks for the confirming on this issue. Quote Link to comment Share on other sites More sharing options...
ess14 Posted November 27, 2006 Share Posted November 27, 2006 i think what your talking about is an injection attack.this is where if you have a file upload utility for someone to use they could upload an image that is not actually an image, it would have malicious code in it.http://php.robm.me.uk/there is a good readup on SQL injection attacks for you to read.make sure u sanitize any data being input by ur user and u'll be fine. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.