Megaupload

October 26, 2004

It was only three weeks ago that I made the previous release of the PHP edition of mega upload. It had to be followed up by another release today because 1.44 is not as secure as it should be.

As a downloader named Dimitry pointed out, the 1.4x branch passes the list of file names as part of the querystring. It does not make use of the internal post as the 1.3x branch does. This unfortunately makes it possible for a malicious user to pass in bogus pathnames, which could result in files being overwritten or allow the user to make a copy of important files on the server.

It should also be noted that the 1.4x branch readme file clearly states: MEGA UPLOAD 1.4x IS EXPERIMENTAL PLEASE DON'T USE IT ON PRODUCTION SITES USE 1.35 INSTEAD. 1.35 IS STABLE.

Well, the issue has been addressed, and in doing so another improvement has been made that makes it possible to handle a larger collection of files than the previous version. The reference here is not to file sizes but to the number of files handled in a single upload.

Finally, always remember that megaupload is just a progress bar for file uploads, nothing else. You need to treat files uploaded with megaupload with the same level of distrust that you would ordinary file uploads.
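
One way to check file names that arrive from the client, such as the querystring list described above, before they are used to build a path. This is an added example, not code from megaupload; `resolve_upload_name` and the demo upload directory are hypothetical, and the sample names are constructed.

```php
<?php
// Added example, not megaupload's own code. The function name and the
// upload directory are assumptions; the file names below are constructed.

// Map a client-supplied name to a path inside $uploadDir, or return null
// if the name could refer to anything outside that directory.
function resolve_upload_name(string $uploadDir, string $name): ?string
{
    // Empty names and the directory entries themselves are never valid.
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // A bare file name contains no separators (either style) and no NUL.
    foreach (['/', '\\', "\0"] as $bad) {
        if (strpos($name, $bad) !== false) {
            return null;
        }
    }
    $base = realpath($uploadDir);
    if ($base === false) {
        return null; // upload directory missing or unreadable
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $name;
    // If the entry already exists, a symlink must not lead out of $base.
    $real = realpath($candidate);
    if ($real !== false && dirname($real) !== $base) {
        return null;
    }
    return $candidate;
}

// Demo with constructed input: one plain name and several bogus pathnames.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
$names = ['report.pdf', '../../etc/passwd', '/etc/passwd', '..\\config.php', '..', ''];
foreach ($names as $n) {
    $path = resolve_upload_name($dir, $n);
    printf("%-22s => %s\n", var_export($n, true), $path === null ? 'REJECTED' : 'ok');
}
rmdir($dir);
```

Rejecting a bad name outright, rather than stripping the directory part and carrying on, keeps a request that was tampered with from being processed at all.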


Posted by raditha at October 26, 2004 9:41 AM
Copyright © Raditha Dissanayake 2003 - 2007

Terms of Use  |  Privacy

 

 

October 2004
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31