Implementing Secure File Upload

This post is about building a set of defensive layer around the process of uploading the file. File upload is a very critical process and often exploited by the hackers. The consequences of a successful file upload exploit could be complete disclosure of the source code of the target application or malware infection of the server.

There are 2 ways to store the uploaded file – in file system or in database. Here I will discuss pros and cons of both the approaches and also demonstrate how to implement secure file upload in PHP.

Continue reading