
Is it possible for malicious users to create a fake pdf file with hackable code?

Tags:

php

This is more me being curious, to try and protect my system. Say, for example, a system stores its PDFs in a blob in the database: is it possible for a user to create code inside the file and save it as a PDF, which will then run on the server, even if using header('application/pdf')?

If so, how can they protect themselves?

When storing the file, I upload it to the blob via a PDO param, and when displaying it I use the following:

        // We'll be outputting a PDF
        header('Content-Type: application/pdf');

        //echo the PDF to display it
        print $get_certificate->fetch()->certificates_file;

1 Answer

First off, it's 99% of the time a bad practice to save a file in a database. You should probably save it on the file system, and store its path in the db.

Then, yes it's possible to store malicious PDFs in a website, and users you serve a corrupted file to may be hacked.

A good practice is to test files. You can install virtual machines with antivirus engines and check the file. There may be an API as well which would do that for you, though.

And the best way for your users to protect themselves is to apply Adobe patches as soon as they get released.

Loïc answered Nov 30 '25 01:11
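
One way to "test files" before they reach the blob column, and to serve them back as inert data, as an added example that is not part of the original question or answer. The function names `inspect_pdf_upload` and `send_pdf` and the sample bytes are assumptions made for illustration; the check is a heuristic (keys inside compressed object streams are not seen), so it complements the antivirus scan the answer mentions rather than replacing it.

```php
<?php
// Added example: helper names are hypothetical. Requires PHP 7.4+.

/**
 * Heuristic pre-storage check for an uploaded PDF.
 * Returns a list of findings; an empty list means nothing was flagged.
 */
function inspect_pdf_upload(string $bytes): array
{
    // A PDF starts with "%PDF-". Readers tolerate some leading junk,
    // but for uploads it is reasonable to require it at offset 0.
    if (strncmp($bytes, '%PDF-', 5) !== 0) {
        return ['not a PDF: missing %PDF- header'];
    }

    // PDF names may hide characters as #xx hex escapes (/J#61vaScript),
    // so decode those before matching.
    $decoded = preg_replace_callback(
        '/#([0-9A-Fa-f]{2})/',
        fn(array $m): string => chr(hexdec($m[1])),
        $bytes
    );

    // Dictionary keys that make the viewer run scripts or actions.
    $findings = [];
    foreach (['/JavaScript', '/JS', '/OpenAction', '/AA', '/Launch', '/EmbeddedFile'] as $key) {
        if (preg_match('~' . preg_quote($key, '~') . '(?![A-Za-z0-9])~', $decoded)) {
            $findings[] = "active-content key present: $key";
        }
    }
    return $findings;
}

/** Send the stored blob with a fixed type so the browser treats it as a PDF only. */
function send_pdf(string $bytes, string $downloadName = 'certificate.pdf'): void
{
    header('Content-Type: application/pdf');
    header('X-Content-Type-Options: nosniff');   // browser must not re-guess the type
    header('Content-Disposition: inline; filename="' . $downloadName . '"');
    header('Content-Length: ' . strlen($bytes));
    echo $bytes;   // echoed as bytes; PHP does not execute output it prints
}

// Constructed sample inputs, not real files.
$sample = "%PDF-1.4\n1 0 obj << /OpenAction << /S /J#61vaScript /JS (placeholder) >> >> endobj\n";
print_r(inspect_pdf_upload($sample));             // flags /JavaScript, /JS, /OpenAction
print_r(inspect_pdf_upload("GIF89a not a pdf"));  // rejected: no %PDF- header
```

Run the inspection on the raw upload before the PDO insert, and reject or quarantine anything that returns findings.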