Now You are simply twisting what I said by using the word "implying". I can just as well say you are implying that you agree with me and are out of arguments.
The extra security, among other factors, comes from MySQL always handling the input as data. When you store data on filesystem it is handled as a file, which can be an executable file, depending on permissions. Data stored in MySQL is never handled as executable file...
MOBCOM
Last Activity: Jan 23 '10, 10:27 AM
Joined: Jan 21 '10
Location:
-
Re-read my previous post.
My justified bias was not against competitors, but against your claim that "Smart companies like Google and Yahoo" are secure. I'll say again - No ESP can make the attachments they forward 100% secure as almost all attachment formats (jpeg,png,gif,p df,js,flash,etc .) can contain (encrypted,obfu scated) malicious code, so anti-virus and disabling .exe attachments is faux-security to...Leave a comment:
-
My statement's wording is correct. It's not the php code that is the issue, the permissions of the uploaded file can be easily set to be non-executable (heard of chmod?). The issue is that historically there have been plenty of attacks which exploit vulnerabilities on the server level.
Because by nature it is possible to "sanitize" photos and videos by e.g. re-converting them to a different format....Leave a comment:
-
Hello Atli, Kovik,
I may actually have a situation where using mysql blobs is preferrable to filesystem for unsearchable binary data.
We have been using filesystem to store photos and various formats of videos, but now are looking into mysql for mail attachments.
The three reasons we consider mysql now are these (control and security):
1. Whereas the web-accessible photos and videos are post-formated...Leave a comment:
No activity results to display
Leave a comment: