PHPDeveloper.org: Zend Developer Zone: Security Tips #17 & #18 (When to Secure & File Uploads)

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Vermont Information Processing Seeks Senior/Lead PHP Developer (Burlington, VT)

Job Posting: Mediware Blood Center Technologies Seeks PHP Software Developer (Jacksonville, FL)

PHP Zone: Can Learning Drupal Get You a Job?

Job Posting: Tilllate Media Seeks Senior PHP Developer (Glasgow, UK)

Job Posting: Agency Matrix Seeks Senior Application Developer (Addison, TX)

Job Posting: HUGE Seeks Freelance Zend/WordPress Developer (Brooklyn, NY)

Job Posting: Abbott Laboratories Seeks PHP Developer (Irving, TX)

Job Posting: BetFair Seeks Lead Software Engineer (Web)

Job Posting: Uplifting Innovations Seeks Lead PHP Developer (Portland, OR)

Job Posting: Ganz Seeks PHP Developer (Toronto, Ontario)

News Archive

Community News: Symfony-Check.org (A Symfony Deployment Checklist)

Matt Williams' Blog: High level search with PHP and Apache Solr

Brian Swan's Blog: Retrieving Data with the OData SDK for PHP

Brandon Savage's Blog: The 15 Minute Rule Of Software Development

PHPBuilder.com: Create Custom Google Analytics Interfaces Using PHP

NETTUTS.com: Image Resizing Made Easy with PHP

Site News: Popular Posts for the Week of 03.19.2010

Symfony Blog: Running a TV station with symfony

Eli White's Blog: Conferences, Speakers & Presentations

Ibuildings techPortal: Zend Studio formatted for Zend Framework and ATK

Zend Developer Zone:
Security Tips #17 & #18 (When to Secure & File Uploads)

by Chris Cornutt March 28, 2007 @ 17:19:49

The Zend Developer Zone continues their great series of security tips with two new posts - one talking about when to focus on security and the other about file uploads.

From the first, top 17:

Application security should not be a "when all else fails" situation. It's not something you can "put in later". As we've mentioned before, there is no single silver bullet to solve your application security issues. Security is something that should be rolling around in the back of your dead in the design phase, the coding phase, the testing phase, even after you've rolled your code into production.

And, from tip #18:

When you allow users to upload files, your system may be at risk. Always restrict the file types that you allow. Don't rely on a blacklist approach. [...] Be careful with file uploads and make sure you protect them with a whitelist policy instead. Make sure that the file that has been uploaded is of the type that you want to allow.

0 comments voice your opinion now!
securitytip consider security integrate file upload whitelist securitytip consider security integrate file upload whitelist

Similar Posts

Wez Furlong\'s Blog: Programming PHP (Second Edition)

Ask Apache Blog: A better way to use PDF files online

Alison Lunde's Blog: Quick and Dirty PHP Caching

Evert Pot's Blog: Devshed article about SQL Injection

Stefan Priebsch's Blog: TDD in a self-experiment

Community Events

Don't see your event here?
Let us know!

All content copyright, 2010 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework