Re: Re: PHP Security

I agree with the fact that Apache is very secure. I also agree with you that you shouldn't be 100% comfortable with Apache security because there is always a chance of a security flaw.

But, how many beginner and intermediate PHP developers really know how to configure Apache for optimal security? And how many of those even have access to the Apache configuration? How many of those don't keep up to date with Apache updates and upgrades? As you probably know, it isn't Apache or PHP that is insecure, it is the programmer's ignorance that causes problems.

I am suggesting that a PHP programmer should write a script to store the files in a database because they will have absolute control over file storage. Although they might not be so confident with their Apache configuration, they should be more confident with their own code. Since this script will be simple to write and have only three operations (uploading, downloading, checkfile), security flaws will be easier to spot. Therefore a PHP programmer who doesn't really know how to securely configure Apache would not have to worry too much about a "hacker" figuring out a way to upload a file and execute it on the server.

And finally, file management is much much easier when you store the files in a database.

From: Chris Shiflett <shiflett@xxxxxxx>
Reply-To: shiflett@xxxxxxx
To: I l <isster@xxxxxxxxxxx>, php-general@xxxxxxxxxxxxx
Subject: Re: Re: PHP Security
Date: Thu, 9 Dec 2004 18:38:49 -0800 (PST)


--- I l <isster@xxxxxxxxxxx> wrote:
> the best security practice is to store the jpg file or any other
> uploaded file in your mySql database. This way you never have
> to worry about someone executing php by the url like
> www.example.com/pic.jpg. To view the file, the user would type
> www.example.com/veiw.php?fileID=3425433345.

That's the best? :-)

While I have a great deal of confidence in my code as well, I find it odd
that you trust your own PHP code more than something like Apache, which
has been tested by millions of people worldwide and is very mature.

I would argue that it's more likely that you'll make a mistake in view.php
than it is that you will misconfigure Apache to process images as PHP.

Security is all about knowing what you can trust and what you cannot. A
mistrust of everything (paranoid security) is not a good solution, and
when there is a choice, the one with less risk is more secure. In this
case, I don't agree with your decision. I would put my trust in Apache.

> I can't really see any security problems here.

There are security concerns with everything, even if they're hypothetical
(e.g., even when you can't discover an exploit). Be careful not to ever
get too comfortable. :-)

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly     HTTP Developer's Handbook - Sams
Coming Soon                 http://httphandbook.org/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

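As an added illustration of the "downloading" operation the reply above describes (editor-supplied example, not code from either poster): a view.php that keeps the handler Chris warns about small enough to audit. It assumes PDO, a MySQL table `files(id, mime, name, data)`, and placeholder credentials.

```php
<?php
// Added example (not from the thread): a minimal view.php that serves an
// uploaded file stored in MySQL. Assumptions: PDO and a table
// files(id INT, mime VARCHAR, name VARCHAR, data LONGBLOB).

// Types we are willing to serve, keyed to the extension we will hand out.
// The value comes from our own stored record, never from the request.
const ALLOWED_MIME = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'image/gif'       => 'gif',
    'application/pdf' => 'pdf',
];

function fetch_file(PDO $db, string $rawId): ?array
{
    // fileID must be a plain positive integer; anything else is rejected.
    if (!preg_match('/^[1-9][0-9]{0,17}$/', $rawId)) {
        return null;
    }
    $stmt = $db->prepare('SELECT mime, name, data FROM files WHERE id = ?');
    $stmt->execute([(int) $rawId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !isset(ALLOWED_MIME[$row['mime']])) {
        return null;
    }
    return $row;
}

function send_file(array $row): void
{
    // Download name is rebuilt from a safe character set plus our own
    // extension, so the stored name cannot inject header content.
    $base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($row['name'], PATHINFO_FILENAME));
    $name = ($base !== '' ? $base : 'file') . '.' . ALLOWED_MIME[$row['mime']];
    header('Content-Type: ' . $row['mime']);
    header('X-Content-Type-Options: nosniff'); // browser must not re-guess the type
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . strlen($row['data']));
    echo $row['data'];
}

// Placeholder DSN and credentials; replace with your own.
$db = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$rawId = $_GET['fileID'] ?? '';
$row = fetch_file($db, is_string($rawId) ? $rawId : '');
if ($row === null) {
    http_response_code(404);
    exit;
}
send_file($row);
```

The whole request surface is one integer parameter and a fixed MIME table, which is the kind of handler a reviewer can check line by line.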
