Get support from Xavier Media
All times are UTC




 Post subject: File Upload Protection
Posted: Mon Oct 23, 2006 6:18 pm

hi

hmmmm
I am looking at our Arabic website and reading some things about uploading files ...
Anyway, the problem I have is that no one talks about how to protect the site when a file is uploaded to my site. Can anyone help me with that? And thanks to everyone who helped me before :)


 Post subject: Re: File Protection
Posted: Tue Oct 24, 2006 2:39 pm

dragon tears wrote:
hi

hmmmm
I am looking at our Arabic website and reading some things about uploading files ...
Anyway, the problem I have is that no one talks about how to protect the site when a file is uploaded to my site. Can anyone help me with that? And thanks to everyone who helped me before :)


Sorry, I am having a little trouble understanding you. Is this what you were saying?

dragon tears wrote:
hi

hmmmm
I was just looking at an Arabic website and I read some things about uploading files... anyway, it seems that no one talks about how to protect a site from dangerous file uploads. If anyone can help me with that I would really appreciate it, and thanks to everyone that helped me before :)


If that is what you want to know, I'm sorry but I can't answer that. To my knowledge, no human on earth has ever created a 100% secure file upload script. Now, if you are uploading JPGs, GIFs, HTML, TXT, or other static files, you don't really have to worry, because the servers don't run those as scripts; they just print them to the screen.

However, if you are uploading PHP, PERL, JAVA, etc... you will be putting your site at risk, because the server is set to RUN those files before sending them to the screen.

And there is more to this topic that I won't go into, but basically, no one teaches how to do it because no one can. :wink:


Last edited by Guest on Tue Oct 24, 2006 2:50 pm, edited 1 time in total.

Posted: Tue Oct 24, 2006 2:44 pm

Yeah, that's what I mean, but sorry for my bad English.


Posted: Tue Oct 24, 2006 2:52 pm

So did that help?


Posted: Tue Oct 24, 2006 3:03 pm

Ah okay, let me ask one thing..
If I allow uploading of all kinds of files, but I force the user to download them and not display them, like the websites filefront.com or rapidshar.com, will that work so that no one hacks me?!


 Post subject: Zipping
Posted: Tue Oct 24, 2006 3:26 pm

Create a directory on your server that no one can access from the internet. For example, if your website is located on your server in this directory:

/www/html/yourwebsite/

Create a new directory OUTSIDE of your website that no one will be able to get to, like:

/www/yourwebsitesfiles/

Now no one will be able to type something like http://yourwebsite.com/yourwebsitefiles into their browser and get to the files from the internet. The files will be hidden deep in your server.

Second, either limit the type of files to ZIP'ed/TAR archives (which is how filefront does it so that there is no danger of any bad scripts running) or rename all files to file-dot-extension-dot-zip (like file.php.zip) so that the server THINKS that they are zipped archives. (You can find some really good tutorials on this in the tutorials section.)

Basically, if you only allow pictures or zipped files you are pretty much safe. If someone wants to upload a PHP file they will just have to ZIP it first!


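The storage scheme from the last post, combined with the forced-download idea asked about earlier, sketched in PHP as an added example that is not part of the original thread. The directory is the one named in the post; the function names, the extension allowlist and the `upload` / `file` request fields are assumptions.

```php
<?php
// Added example, not from the thread. STORE is the directory from the post;
// ALLOWED, store_upload() and send_download() are hypothetical names.
const STORE   = '/www/yourwebsitesfiles/';    // outside the web root
const ALLOWED = ['zip', 'tar', 'jpg', 'gif']; // assumed allowlist

// Validate one entry of $_FILES and move it into STORE under a random name.
// Returns the stored name, or null if the upload is rejected.
function store_upload(array $file): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Only the final extension is judged: "file.php.zip" counts as zip,
    // "photo.jpg.php" is rejected.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED, true)) {
        return null;
    }
    // The client-supplied name is never used on disk, so it cannot carry
    // "../" sequences, overwrite another file or keep a script extension.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], STORE . $stored) ? $stored : null;
}

// Stream a stored file as a download so the server never runs or renders it.
function send_download(string $stored): void
{
    // Accept only names of the shape store_upload() generates.
    if (!preg_match('/^[0-9a-f]{32}\.[a-z]{3}$/', $stored) || !is_file(STORE . $stored)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $stored . '"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize(STORE . $stored));
    readfile(STORE . $stored);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    $name = store_upload($_FILES['upload']);
    echo $name === null ? 'Upload rejected' : 'Stored as ' . htmlspecialchars($name);
} elseif (isset($_GET['file'])) {
    send_download((string) $_GET['file']);
}
```

Because the files sit outside the web root, the download script is the only path to them, and it sends every file as an opaque attachment regardless of what it contains.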