Jump to content

securing an image in php


darkcarnival

Recommended Posts

hi,

i found a tutorial on this but now i cant find it anymore :( :'(

basically I'm trying to figure out how you would protect an image form executing php code.

from what i read, if you enter php code in a program like gimp or PS, it'll execute when the image is included in a php program.

does anyone know how to prevent such a thing to happen? if so, please let me know.

thanks :)
Link to comment
Share on other sites

nobody includes images in php programs:
[code]include "image.gif"; //???[/code]
are you taking about the image exploit hack that surfaced maybe a year ago?  That hack only became active when loaded in certain vulnerable graphics apps(I think it exploited vector graphics capabilies).  That didn't affect php, it  is a desktop security issue requiring patches.
Link to comment
Share on other sites

i think what your talking about is an injection attack.

this is where if you have a file upload utility for someone to use they could upload an image that is not actually an image, it would have malicious code in it.

http://php.robm.me.uk/

there is a good readup on SQL injection attacks for you to read.
make sure u sanitize any data being input by ur user and u'll be fine.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.