FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » Imported messages » comp.lang.php » Security risks allowing users to upload a css file?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Security risks allowing users to upload a css file? [message #181397 is a reply to message #181389] Wed, 15 May 2013 10:12 Go to previous messageGo to previous message
Arno Welzel is currently offline  Arno Welzel
Messages: 317
Registered: October 2011
Karma:
Senior Member
Am 15.05.2013 05:07, schrieb Bhushan N.N:

> Are there any security risks involved in allowing a user to upload a css file?

This depends on the way, how the CSS file is used on the server.

> I will be using the uploaded css file for a preview. Using another HTML template I already have on the server.

So - users can upload a file and this will be used by a
<link rel="stylesheet" type="text/css" href="..." />?

Well - it is possible to use CSS to obfuscate existing elements or even
to load data from other servers. So i would say - yes it is a risk if
you don't validate the CSS. It may not break your server, if it only
sends the data it stored earlier as a result of an upload - but it may
me misused by others to host fake websites on your machine.

--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: changing video source from youtube to my site
Next Topic: Booleans compared to strings
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Sep 20 13:43:52 GMT 2024

Total time taken to generate the page: 0.05012 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software