100%安全的照片上传脚本
问题很简单。如何用php制作100%安全的照片上传脚本?是否有任何教程可以显示所有可能的安全差距?
不要让我看这个问题,因为他们只谈论尺寸。但我想确定的是,没有人可以上传 shell 和其他东西。因为这是一个大网站,需要100%安全的照片上传脚本。
编辑:或者也许我应该允许会员将图片上传到 imageshack 等容器并将其链接复制到我的网站?我想这是100%安全的,对吧?
Question is simple. How can I make 100% safe photo upload script with php? Is there any tutorials which shows all possible safeness's gaps?
Do not offer me to look at this question, because there they talk only about size. But I want to be sure, that nobody can upload shell and other stuff. Because it's a big website which need 100% safe photo upload script.
Edit: or maybe I should allow members to upload pics to receptacles like imageshack and copy their link to my website? I guess it is 100% safe, right?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
这真的很简单。通过已知安全的图像过滤器运行所有上传的图像。如果它返回“不是图像错误”,那么你就有恶作剧了。 (一个简单的例子是恒等变换或 JPEG 质量归一化技术。)不过,重要的一点是实际使用过滤器的输出,而不是原始文件。
It's really rather simple. Run all uploaded images through an image filter that is known to be safe. If it kicks back with a "Not an image error", you have shenanigans. (A simple example would be an identity transform, or a JPEG quality normalization technique.) An important point, tho', is to actually use the output from the filter, not the original file.
您需要考虑和注意的事项:
文件扩展名: Web 服务器使用文件扩展名来确定发送到客户端的 MIME 类型。您应该使用您允许的扩展程序白名单。在你的情况下,这将是图像扩展。
LFI: 正如 Matchu 已经提到的,本地文件包含可能是一个问题。如果您的应用程序具有动态包含,允许您包含任意文件,例如。
include($_GET['myfile']);它可以导致任意 PHP 执行。因此,您需要使用 basename() 来保护此类包含。这甚至可能发生在图像上,因为它们可以包含嵌入的注释。MIME-Type-Detection:这实际上并不是很为人所知,并且没有太多关于它的信息。 IE<8 有一个称为 MIME-Type-Detection 的功能,如果 Content-Type 与内容不匹配,它将尝试通过查看前 256 个字节来猜测类型。这意味着,如果您有一个名为 image.gif 的 PNG 文件,其顶部的注释为
,则 IE<8 将认为它是 HTML 并执行 JavaScript,从而导致 XSS 攻击。为了防止图像出现此问题,您可以使用 Williham Totland 提到的方法。我建议使用 getimagesize() 来检测图像是否有效并确保扩展名与类型匹配。
有一篇关于此问题的文章
Things you need to consider and watch out for:
File extensions: Webservers use the file extension to determine the MIME-Type sent to the client. You should use a whitelisting of extensions that you allow. In your case this would be image extensions.
LFI: As already mentioned by Matchu, local file inclusion can be an issue. If your application has dynamic includes that allow you to include an arbitrary file, eg.
include($_GET['myfile']);it can lead to arbitrary PHP execution. So you need to secure such includes by using basename(). This can even happen with images, since they can contain embedded comments.MIME-Type-Detection: This is actually not very well known, and there's not much information about it. IE<8 has a feature called MIME-Type-Detection which will, if the Content-Type does not match with the content, try to guess the type by looking at the first 256 bytes. This means, if you have a PNG file called image.gif with a comment at the top that reads
<script>alert('hello');</script>, then IE<8 will think it is HTML and execute the JavaScript, leading to an XSS attack.To prevent this issue for images you can use the approach mentioned by Williham Totland. I would suggest using getimagesize() to detect if the image is valid and to ensure that the extension matches the type.
There is an article written about this issue here.
正如您所提到的,还有另一个问题可以解决该问题< /a>.作者指出,只要他只接受正版图像文件并减小文件大小,他就应该是安全的,这是你唯一能做的事情。检查扩展名和 MIME 类型并拒绝任何与您想要的格式不匹配的内容。仍然有 RFI(好吧,这里更像是 LFI),但只要你不这样做随意包含文件而不执行健全性检查,你应该可以开始了。
As you mentioned, there's another question that addresses the issue. The author notes that he should be safe as long as he only accepts genuine image files and keeps down the filesize, which is about the only thing you can do. Check extension and MIME type and reject anything that does not match the formats you want. There's still RFI (well, more like LFI here), but as long as you aren't haphazardly including files without performing sanity checks, you should be good to go.