I want to allow my website members to login to their accounts and upload files to my server so other members can view them. Files such as text files, image files, audio files and video files. But not program files or executable files.
Now, what features must my File Upload Form have ?
I need a complete list of Php features it must have. I need you to give me a complete list of Php Functions the File Upload Form must make use of.
Kindly list as many Php features and functions you can think of that my File Upload Form must have in order for it to be a Secure File Upload Form so no one can upload malicious files (virus, programs, etc.).
I am going to get the File Upload Form developed by a paid programmer. I need to give the programmer a list of features the File Upload Form must have. Here is my list of REQUIREMENTS so far:
Add filters and sanitizations so malicious files cannot be uploaded. Nor can sql injections can be made.
Only file types from White-List should be uploaded. Any File Types not listed on this White-List should be discarded and not uploaded. Error should be given that this type of file is not allowed to be uploaded.
Uploaded File should not be more than 100MB. Echo error if File Sizes exceed limit & halt script.
MUST check File Size with function: file_size():https://www.php.net/...unction.filesize.php
Set a maximum name length and maximum file size – Make sure to set a maximum name length and file size in order to prevent a Denial of Service attack.
If you do not know what I am talking about then read number "6" on the following link:https://www.opswat.c...ction-best-practices
MUST make use php of function getimagesize() for security purpose.https://www.php.net/...ion.getimagesize.php
Write to the file when you store it to include a header that makes it non-executable.
If you do not understand what I am talking about then read the line on the following link that comes just after the CONCLUSION section.https://www.wordfenc...oad-vulnerabilities/
MUST STORE all errors and DISPLAY all errors using traditional:
"Errors = "";.
On my script, fix my error coding mistakes related to the following format as I have no clue how to fix all that to store errors and display them.
"Errors = "";.
To detect File Details, should use php functions:
file_info() & mime_content_type():https://www.php.net/...ction.finfo-file.php https://www.php.net/...ime-content-type.php
Script Files (executable files) should not be uploadable. Only text files (.txt, .doc, .pdf, etc.), image files (.giff, .jpeg, etc.), audio files (.mp3, etc.) and video files (.mp4, .wav, etc.).
Script should check whether file upload was successful or not.
MUST check with upload with function: is_uploaded_file().http://php.net/manua...is-uploaded-file.php
NOTE: After the check, user must get notified whether file has been uploaded successfully or not.
END OF REQUIREMENTS
Should I get the programmer to add security features from other languages ? Currently, all my REQUIREMENTS revolve around Php as that is the only programming language I am learning. I do not have experience in any other languages. Server-side or Client-side.
Now, do you reckon I should get the programmer to add security features on Client-side ? If so, program in which language and make use of which functions from that language ? Can you give me a complete list ?
Q3. For security purpose, should I even bother getting the programmer to turn the current File Upload Form into an Ajax form ?
Q4. For security purpose, should I even bother getting the programmer to add Json or Jscript ? Are they really necessary ?
If so, which features and functions must be used to make the File Upload Form more secure ?
(I was just youtubing to learn more about Ajax and what is Json or Jquery and so I am very raw in these 3 fields. Hence, need your advice whether of these 3 should be added or not and what features and/or functions must be added from them 3).
Q5. Which language was used to build youtube you reckon and which of the functions were used from the language/s, you reckon ?
Q6. If you were in my position then which languages would you make use of and which functions and features of these languages would you make use of ? I need your complete list.