Reply to Re: Audio files - *.mp3

Posted by Shelly on 07/10/05 14:53

"Mladen Gogala" <gogala@sbcglobal.net> wrote in message
news:pan.2005.07.10.06.52.03.37760@sbcglobal.net...
> On Sun, 10 Jul 2005 01:06:03 -0400, Dave wrote:
>
>> That's not good advice. Using the file extension to guess what a file
>> contains is a Bad Idea(tm) and easy to get around.
>>
>> mime_content_type() or PECL fileinfo() should be used if they are
>> available, as they actually check portions of the file content to
>> determine filetype... if hosting is on Windoze I'm unsure if those
>> functions are available, but if not then other file-magic checkers are
>> probably available.
>
> If you are concerned about safety, that's not safe either as the first
> byte can be rigged to reflect whatever you have in the /etc/mime-magic. I
> assume that not everybody is allowed to upload files freely and that she
> takes care what is being done with the uploaded files. If she doesn't
> attempt to execute those files and if she takes care that they don't have
> execute permission, she's safe. Uploading files to somebody's computer is
> a privilege, which has to be earned. If you trust someone to put stuff
> onto your disk, you can also trust that what he says is an MP3 file is
> actually an MP3 file. Of course, if you attempt to execute a file with
> MP3 extension and change its execute permission in order to do that, you
> deserve whatever may befall you. I know about the mime_content_type
> function, but it returns a disgusting MIME string. Extension handling
> with a "switch" simplifies the code and doesn't need additional parsing
> of "application/png-image" type strings. I haven't checked PECL fileinfo
> yet, but I will certainly do that. Thanks for the tip.
>
> --
> http://www.mgogala.com
>

First, it's "he", not "she". My plan was to do a virus check after the
upload before moving it from the upload directory to its final destination.
It would be available after that for users to run. I assume that the
running takes place on their machines, doesn't it? If the user clicks on
the file, doesn't he need the software on his own machine to run it?

Shelly (Sheldon)
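
An added example, not part of the original posts: one way to combine the checks discussed in this thread (extension, fileinfo content sniffing, non-executable storage) in PHP. The function name `store_mp3_upload` and the `$destDir` storage directory are hypothetical, and `$destDir` is assumed to sit outside the web root.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// $upload is one entry of $_FILES; $destDir is an assumed storage
// directory outside the web root.
function store_mp3_upload(array $upload, string $destDir): string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Upload failed or is not an HTTP upload');
    }

    // Check 1: client-supplied extension. Cheap, but the client controls it.
    $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
    if ($ext !== 'mp3') {
        throw new RuntimeException('Only .mp3 files are accepted');
    }

    // Check 2: content sniffing with fileinfo. It inspects leading bytes,
    // which can also be forged, so it is a filter, not a guarantee.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($upload['tmp_name']);
    if ($mime !== 'audio/mpeg') {
        throw new RuntimeException('Unexpected content type: ' . var_export($mime, true));
    }

    // A virus scan of $upload['tmp_name'] would run here, before the move.

    // Server-chosen name: nothing from the client reaches the stored path.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.mp3';
    if (!move_uploaded_file($upload['tmp_name'], $target)) {
        throw new RuntimeException('Could not move upload into place');
    }

    chmod($target, 0644); // readable, never executable
    return $target;
}
```

Neither check proves the file is a playable MP3; the safety comes from never executing the stored file and from the server choosing its name and permissions.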
