Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
Am I safer by insisting on receiving URLs only from them where I can go and dowload or even just copy it myself?
Any other best ways around inviting a typhoid Mary picture directly into my computer?
the only way you can be reasonably safe is to allow uploads to a sandbox ..you scan the contents with at least 3 different Av's..( and learn to read hidden / imbedded / encrypted data traces )
you then if they are shown "clean" imbed them in your pages ..
and even then you are not certain ..
there are other issues concerning your or others security involved with allowing the uploading of any data in any form to your space ..
Is that the same as downloading it? Is viewing it before I left click it as dangerous virus-wise as copying it?
I just tried it off of a Yahoo image search. It won't add itself onto a File in my Photosuite with ctrl V, but it will attach to a new Hotmail letter, then I can send it to send myself.
Any of this safer?
If you are certain that uploaded files cannot be executed, there should not be a problem.
I'm using the following exif_imagetype function that reads the first few bytes of the file to see if its actually an image or pdf etc.
Currently I only allow Gif and Jpgs to be added if its for Jo public use.
When it comes to private admin areas then I allow docs and other files.