Jonathon Posted September 4, 2013

Hi Larry,

I wanted to get your opinion on how to deal with sites that upload and can share media of some kind. I've currently restricted users to only being able to upload certain types of files by MIME type, as shown in the book. I have the files stored in a protected directory. I then looked into virus protection. I've seen that you can use things like SiteLock that scan your systems. But I've also seen things like http://php-clamav.sourceforge.net/ that seem to scan the file as it's uploaded. I haven't looked any more into this yet. I just wondered what your perspective on this kind of thing is and how to combat it?

Thanks
Jonathon

Larry Posted September 4, 2013

For optimum security, I would:

- Restrict the file upload by size
- Use Fileinfo to restrict the file upload by type
- Store the uploaded file outside of the web root directory
- Rename the uploaded file

I think that's reasonably secure for most uses. The use of ClamAV via PHP-ClamAV would be a nice additional layer, but you'll have to factor in the extra time required to do the virus scan on all uploaded files.

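Added example, not part of the thread and not code from any poster or from the book: the four steps listed in the post above combined into one PHP upload handler. The size limit, the MIME allow-list, the storage path and the function name `store_upload` are assumptions made for illustration.

```php
<?php
// Added example; the limit, allow-list, path and function name are assumptions.
const MAX_BYTES  = 2 * 1024 * 1024;      // assumed 2 MiB cap
const UPLOAD_DIR = '/var/app/uploads';   // assumed directory outside the web root
const ALLOWED    = [                     // detected MIME type => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_upload(array $file): string
{
    // Reject multi-file fields and anything PHP flagged (partial upload, ini limits).
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed.');
    }
    // Only touch a file that PHP itself received over HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // 1. Size: check the bytes actually written to the temp file.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File size not allowed.');
    }
    // 2. Type: Fileinfo inspects the content; $file['type'] is sent by the client.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }
    // 3. Rename: random name (random_bytes needs PHP 7+), extension taken from
    //    the allow-list so the client-supplied filename is never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // 4. Store outside the web root, readable but not executable.
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file.');
    }
    chmod($dest, 0640);
    return $name; // keep this in the database alongside the original display name
}

// Usage ('upload' is an assumed form field name):
// $stored = store_upload($_FILES['upload']);
```

A virus scan such as the ClamAV layer mentioned in the thread would run on the temp file after the type check and before `move_uploaded_file()`.
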
Jonathon (Author) Posted September 4, 2013

Hi Larry,

I do believe I have already done all that. Thanks for letting me know your approach.

Thanks
Jonathon

Edward Posted September 4, 2013

Jonathon, since you are talking about file uploads, can you tell me any Yii extension you would recommend or have had success with for doing this? I used SWFUpload for loading up multiple pictures, but I need to make an upload script for uploading a profile picture and need to use something else; otherwise I will have to try to configure SWFUpload to work for both situations, which means doing a lot of extra coding.

Jonathon (Author) Posted September 4, 2013

I didn't use any extensions; I built it all into the model. I used the file validator in the rules() and set the 'maxSize', 'maxFiles', 'mimeTypes', and CUploadedFile. It's pretty much what's written in the book under common form needs.

Edward Posted September 5, 2013

Okay, I'll try to find one that I can use. Doing what you are doing alone is not enough for my situation. Thanks

Jonathon (Author) Posted September 5, 2013

I did look at using this too: http://www.yiiframework.com/extension/clamdscanvalidator/

Edward Posted September 5, 2013

Yes, that's cool, but my site is not on the server yet. I was looking for something more with JavaScript features, so the image is displayed on the screen once you have uploaded it and you can remove it via JavaScript. The problem with the last script I wrote is that images have to be uploaded to the server, and unused images have to be removed later on through a cron job or admin feature. You can't be sure that someone will use the picture that they have uploaded.

On my site you can upload 100 pictures or more for an item if you really want to; they display on the screen and can be removed via the screen. And the pictures show up again at the point you were up to after a PHP form submission. I spent 6 weeks, I think, on that uploader part, but like I said, the SWFUpload script was built only to handle that page and would take a lot of additional coding to handle a single upload, so I am looking for something simpler this time.

Eh, what the heck, maybe I will try to make SWFUpload multitask. I guess maybe it's not that difficult.