Zend Developer Zone:
Security Tips #17 & #18 (When to Secure & File Uploads)
March 28, 2007 @ 17:19:49

The Zend Developer Zone continues their great series of security tips with two new posts - one talking about when to focus on security and the other about file uploads.

From the first, tip #17:

Application security should not be a "when all else fails" situation. It's not something you can "put in later". As we've mentioned before, there is no single silver bullet to solve your application security issues. Security is something that should be rolling around in the back of your head in the design phase, the coding phase, the testing phase, even after you've rolled your code into production.

And, from tip #18:

When you allow users to upload files, your system may be at risk. Always restrict the file types that you allow. Don't rely on a blacklist approach. [...] Be careful with file uploads and make sure you protect them with a whitelist policy instead. Make sure that the file that has been uploaded is of the type that you want to allow.
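
The whitelist check that tip #18 describes, as an added example that is not part of the Zend post or of this page. It assumes PHP 7.1+ with the fileinfo extension; the policy (PNG, JPEG, PDF) and the helper name `allowed_upload_name` are hypothetical.

```php
<?php
// Added example, not from the Zend tips. Assumed policy: PNG, JPEG and PDF only.
const ALLOWED_TYPES = [          // detected MIME type => extension used for storage
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

/**
 * Hypothetical helper: returns a server-generated file name when the file at
 * $tmpPath is an allowed type, or null when the upload must be rejected.
 * $clientName is the name sent by the browser and is untrusted.
 */
function allowed_upload_name(string $tmpPath, string $clientName): ?string
{
    // Detect the type from the content; $_FILES[...]['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return null;             // anything not on the allowlist is refused
    }
    // The final extension of the client name must agree with the detected type.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if ($ext !== ALLOWED_TYPES[$mime]) {
        return null;
    }
    // Store under a random name so the client never chooses the name or extension.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed sample inputs, written to temp files so the check runs from the CLI.
$pngBytes = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('NNC5', 1, 1, 8, 2, 0, 0, 0);
$cases = [
    'PNG content named photo.PNG'    => [$pngBytes, 'photo.PNG'],
    'PNG content named photo.php'    => [$pngBytes, 'photo.php'],
    'script content named photo.png' => ["<?php echo 'not an image';", 'photo.png'],
];
foreach ($cases as $label => [$bytes, $name]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $stored = allowed_upload_name($tmp, $name);
    echo $label, ': ', $stored === null ? 'rejected' : "accepted as $stored", "\n";
    unlink($tmp);
}
// In a request handler, call this with $_FILES['f']['tmp_name'] and ['name'] after
// checking ['error'] === UPLOAD_ERR_OK, then move_uploaded_file() into a directory
// outside the web root.
```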

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework