100% 安全的照片上传脚本 [英] 100% safe photo upload script
问题描述
问题很简单.如何使用 php 制作 100% 安全的照片上传脚本?是否有任何教程可以显示所有可能的安全漏洞?
Question is simple. How can I make 100% safe photo upload script with php? Is there any tutorials which shows all possible safeness's gaps?
不要让我看这个问题,因为他们只谈论大小.但我想确定的是,没有人可以上传 shell 和其他东西.因为它是一个大网站,需要 100% 安全的照片上传脚本.
Do not offer me to look at this question, because there they talk only about size. But I want to be sure, that nobody can upload shell and other stuff. Because it's a big website which need 100% safe photo upload script.
或者我应该允许会员将图片上传到像 imagehack 这样的容器并将他们的链接复制到我的网站?我想它是 100% 安全的,对吗?
or maybe I should allow members to upload pics to receptacles like imageshack and copy their link to my website? I guess it is 100% safe, right?
推荐答案
其实很简单.通过已知安全的图像过滤器运行所有上传的图像.如果它返回不是图像错误",那么您就有恶作剧了.(一个简单的例子是身份转换,或 JPEG 质量标准化技术.)重要的一点是,实际上使用过滤器的输出,而不是原始文件.
It's really rather simple. Run all uploaded images through an image filter that is known to be safe. If it kicks back with a "Not an image error", you have shenanigans. (A simple example would be an identity transform, or a JPEG quality normalization technique.) An important point, tho', is to actually use the output from the filter, not the original file.
这篇关于100% 安全的照片上传脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!