I guess you use some webserver, let's take apache. Apache's mime.conf has set several extensions, also php extensions. So only .php, .php3, .php4 files will be parsed by php.
Chad Day wrote:
I want to give my users the ability to submit a URL to a database, then when they pull up their page, their photo is included .. what I'm worried about is them pointing the link to some malicious code or something.. Obviously I can validate the file extension (.gif or .jpg) .. and I'm going to force the files to be stored offsite - they dont get to upload anything to the server. I'm just a bit paranoid about this, so I'm hoping someone more security-minded can tell me what to watch out for, what to check, if I'm missing anything.. Thanks, Chad
-- IPv6 + TCPA + wrecked Palladium server = NO COFFE! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
