
flash actionscript : UPLOAD security


Motion Maker
11/14/2005 3:42:23 PM
Not sure if I would worry about that. The virus checker on the system using
the jpg or swf should pick up the virus. But perhaps there is a serverside
PHP virus alternative someone has out there.

--
Lon Hosford
www.lonhosford.com
May many happy bits flow your way!

jonnybennett
11/14/2005 7:42:19 PM
I am trying to let users upload files to my website using flash 8 and php.
However I don't want to find that someone has uploaded a virus to my site. I
have put in the security measure that the user can only upload file types with
ext .jpeg or .swf, however I'd imagine it is very easy to forge this. I don't
want to purchase some extra software to protect my site, but I would like more
security than I have. I am not a programming genius with aspirations of causing
havoc so I don't know what to look out for, but I guess I really need to check
that what is being uploaded is a jpeg or swf file before it is uploaded to the
server and not just with that ext. If anyone knows of anything I can do to
prevent a virus being uploaded then please reply. Thanks in advance jonnie.

jonnybennett
11/15/2005 12:00:00 AM
Thanks for your reply. Just to clarify your answer. Flash should automatically
detect as to whether a file is a genuine .jpeg or .flv or (whatever file type)
and if it detects a file as being a virus it will not let the user select this
file as a file for upload?

Motion Maker
11/15/2005 10:35:37 AM
I would use what I could to limit the non-malicious user to send the proper
file types and there is a type property to help.
Example from MM Help.
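import flash.net.FileReference;

// Array of file-type filters passed to browse()
var allTypes:Array = new Array();
var imageTypes:Object = new Object();
imageTypes.description = "Images (*.jpg, *.jpeg, *.gif, *.png)";
imageTypes.extension = "*.jpg; *.jpeg; *.gif; *.png";
allTypes.push(imageTypes);

// ...... More code

// Open the file dialog limited to the listed extensions
var fileRef:FileReference = new FileReference();
fileRef.browse(allTypes);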


A serverside script is likely needed to handle the multipart/form-data
coming from Flash. Flash is probably doing no more than what you do in html:

<FORM METHOD=POST ENCTYPE="multipart/form-data"
ACTION="uploadserversidescript.php">
File to upload: <INPUT TYPE=FILE NAME="file"><BR/>
<INPUT TYPE=SUBMIT VALUE="Submit"/>
</FORM>

Flash can help filter the file extension but I do not believe it will look
at the bit structure in the file to help determine the type. I suspect it
could upload any file on the computer the user selects. The file extension
of course does not guarantee the contents of a file, rather I believe that
the bit layout in the file is the signature that would be used to identify
the file type if need be.

If you want to validate the file bit structure, you may need the server side
to do that work and it can accept or reject the upload.

You can limit the size by checking the size property in the onSelect
handler.


--
Lon Hosford
www.lonhosford.com
May many happy bits flow your way!

jonnybennett
11/17/2005 12:00:00 AM
Thanks Lon, and thanks for answering a different thread of mine as well! I am
fairly new to programming, so please bear with me. If flash can't determine the
file bit type, and you think this is possible with the server side code? If so
do you know what I should be looking at (I'm using php). I know how to again
check the file ext. with php but not the bit type... (is the bit type the MIME
type? or am I getting confused?) if so I can also check the file MIME type
using php. Thanks for your help. Jonnie.

Motion Maker
11/17/2005 6:22:18 PM
It's a bit (pun was accidental) over my head in how to code and may not be
doable in typical serverside scripting languages like PHP and VBScript and
JavaScript. Going on general knowledge that there are bit layouts in files
like jpg and even swf. Languages like C and C++ let you get at them. Those
bit patterns can be used to help identify the file I would think.

The only item I ever tried was writing out and reading a swf file using C
for a learning experience. Programming was not difficult but understanding
the use of the bits and bytes for the file layout was mind numbing.

You might try some web searches with server side scripting file upload type
detections type of word combinations.

--
Lon Hosford
www.lonhosford.com
May many happy bits flow your way!
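
What a server-side check of the file's leading bytes can look like in PHP, as an added example that is not part of the original thread or any poster's code. It goes beyond the thread by also re-checking the size and choosing the stored file name on the server. `MAX_BYTES`, `UPLOAD_DIR`, `sniff_type()` and `accept_upload()` are hypothetical names; `Filedata` is the form field that Flash's `FileReference.upload()` posts.

```php
<?php
// Added example; MAX_BYTES, UPLOAD_DIR and both function names are assumptions.
const MAX_BYTES  = 2097152;               // 2 MiB cap, enforced again on the server
const UPLOAD_DIR = '/var/data/uploads';   // assumed location outside the web root

// Identify a file by its leading "magic" bytes; returns 'jpg', 'swf' or null.
function sniff_type(string $head): ?string
{
    if (strncmp($head, "\xFF\xD8\xFF", 3) === 0) {
        return 'jpg';                     // JPEG start-of-image marker
    }
    // SWF: "FWS" (plain) or "CWS" (zlib), then a version byte and a 32-bit length
    if (strlen($head) >= 8 && in_array(substr($head, 0, 3), ['FWS', 'CWS'], true)) {
        return 'swf';
    }
    return null;
}

// Validate one entry of $_FILES; returns the stored path or throws.
function accept_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('bad size');
    }
    $head = (string) file_get_contents($file['tmp_name'], false, null, 0, 8);
    $type = sniff_type($head);
    if ($type === null) {
        throw new RuntimeException('not a JPEG or SWF');
    }
    // $file['name'] and $file['type'] (the MIME type) come from the client and
    // are ignored: the stored name and extension are generated here.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $type;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

if (isset($_FILES['Filedata'])) {
    try {
        accept_upload($_FILES['Filedata']);
    } catch (RuntimeException $e) {
        http_response_code(400);          // reject without echoing details
    }
}
```

A matching signature only shows that the file starts like a JPEG or SWF, so it complements a virus scanner rather than replacing one. Storing uploads outside the web root under a server-chosen name is what keeps a disguised script from being executed by the web server.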