Hi there,
After reading and a bit of researching, I am wondering if there is a technique available that will securely allow users to upload files of all kinds/types/etc.
Let's say that I want to start a website similar to Dropbox, where anonymous users can upload files and share them with others. I've read about using MySQL and BLOB, but that is just a huge performance hit, plus what if you want to make a backup of your database? If the site gets a lot of traffic, the database will grow to insane proportions. So that option is not good enough. I also read about renaming the uploaded file and moving it below the www-root. This option seems a good one. I am just wondering what the opinion is of users in here, and what the best approach is in setting up a site similar to Dropbox.
I found a good article with examples on the link below.
Please read: http://www.acunetix.com/websitesecurity/upload-forms-threat/
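
The rename-and-store-outside-the-web-root option mentioned in the post, sketched as an added example that is not part of the original post or the linked article. It assumes a storage directory the web server cannot serve directly; `UploadStore`, `display_name`, `MAX_BYTES` and the in-memory `index` (a stand-in for a metadata-only database table) are hypothetical names.

```python
import hashlib
import os
import re
import secrets
from pathlib import Path

MAX_BYTES = 10 * 1024 * 1024  # assumed per-file limit


def display_name(client_name):
    """Reduce the client-supplied name to a label used only in the download header."""
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return safe[:100] or "file"


class UploadStore:
    def __init__(self, root):
        # root is assumed to lie outside the web server's document root
        self.root = Path(root).resolve()
        self.root.mkdir(mode=0o700, parents=True, exist_ok=True)
        self.index = {}  # stand-in for a metadata table (no BLOBs in the database)

    def save(self, client_name, data):
        if len(data) > MAX_BYTES:
            raise ValueError("upload too large")
        file_id = secrets.token_hex(16)  # on-disk name: random, no extension
        fd = os.open(self.root / file_id, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        self.index[file_id] = {
            "name": display_name(client_name),
            "sha256": hashlib.sha256(data).hexdigest(),
        }
        return file_id

    def download(self, file_id):
        meta = self.index[file_id]  # unknown ids raise KeyError; no path is built from them
        data = (self.root / file_id).read_bytes()
        headers = {
            "Content-Type": "application/octet-stream",
            "Content-Disposition": 'attachment; filename="%s"' % meta["name"],
            "X-Content-Type-Options": "nosniff",
        }
        return headers, data
```

The client's file name never becomes part of a path on disk, and every download is sent as an attachment with a generic content type, so the stored bytes are neither executed by the server nor rendered inline by the browser.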