PhpSecInfo Test Information
upload_max_filesize
Test Description
Checks if upload_max_filesize is greater than 256KB.
Security Implications
upload_max_filesize limits the maximum size of a single file that PHP will accept through an upload. Attackers may attempt to send grossly oversized files to exhaust your system resources (disk space in the temporary upload directory, memory and bandwidth); by setting a realistic value here you mitigate some of the damage such attacks can do. By default, PHP sets this value to 2M. Note that post_max_size caps the size of the whole request body, so it must be at least as large as upload_max_filesize for an upload of that size to succeed, and lowering upload_max_filesize alone does not stop an attacker from sending large non-file POST bodies.
Recommendations
You can set upload_max_filesize in the php.ini file:
; Lower upload_max_filesize for security reasons
upload_max_filesize = 256K
The setting can also be applied in Apache's httpd.conf file, or an .htaccess file, when PHP runs as an Apache module (under FastCGI/PHP-FPM use php.ini or the pool configuration instead). upload_max_filesize is a PHP_INI_PERDIR setting, so it cannot be changed at runtime with ini_set():
# Lower upload_max_filesize for security reasons
php_value upload_max_filesize 256K
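The following is an added example, not PhpSecInfo's own code, showing how the check described above can be reproduced from PHP (shorthand sizes such as 256K or 2M converted to bytes and compared with the 256K threshold), together with the related post_max_size and file_uploads settings and a server-side upload handler that does not rely on the ini limit alone. Function names, the 256K default argument and the CLI entry point are assumptions made for this example.

```php
<?php
// Added example (not PhpSecInfo's code). Function names are assumptions.

/**
 * Convert a php.ini shorthand size ("256K", "2M", "1G", "8388608") to bytes.
 * PHP reads only the last character as a unit (K, M or G, case-insensitive)
 * and treats anything else as a plain byte count; mirror that here.
 */
function ini_size_to_bytes(string $value): int
{
    $value = trim($value);
    $unit  = strtolower(substr($value, -1));
    $num   = (int) $value;
    switch ($unit) {
        case 'g': return $num * 1024 * 1024 * 1024;
        case 'm': return $num * 1024 * 1024;
        case 'k': return $num * 1024;
        default:  return $num;
    }
}

/**
 * The PhpSecInfo-style test: pass when upload_max_filesize is at most 256K.
 * Also reports the settings that interact with it. Returns a list of
 * findings (empty means everything passed) so it can drive a CLI health check.
 */
function check_upload_limits(int $maxBytes = 256 * 1024): array
{
    $findings  = [];
    $uploadMax = ini_size_to_bytes((string) ini_get('upload_max_filesize'));
    $postMax   = ini_size_to_bytes((string) ini_get('post_max_size'));

    if ($uploadMax > $maxBytes) {
        $findings[] = sprintf('upload_max_filesize is %d bytes, above the %d-byte threshold',
                              $uploadMax, $maxBytes);
    }
    // post_max_size bounds the whole request body. A value of 0 disables that
    // limit; a value below upload_max_filesize means the upload limit is never
    // the one that applies, and $_FILES will simply be empty for big requests.
    if ($postMax === 0) {
        $findings[] = 'post_max_size is 0 (unlimited); request bodies are not capped';
    } elseif ($postMax < $uploadMax) {
        $findings[] = sprintf('post_max_size (%d) is below upload_max_filesize (%d); uploads of that size fail before the upload limit applies',
                              $postMax, $uploadMax);
    }
    if (!ini_get('file_uploads')) {
        // Uploads are disabled entirely, so upload_max_filesize is moot.
        $findings[] = 'file_uploads is disabled; upload_max_filesize has no effect';
    }
    return $findings;
}

/**
 * Server-side handling of one entry from $_FILES. PHP enforces the ini limit
 * before the script runs (reporting UPLOAD_ERR_INI_SIZE), but the script should
 * still check the error code and the size so that a host with a permissive
 * php.ini does not silently accept oversized files. Returns the temporary path
 * of an acceptable upload, or null if it must be rejected.
 */
function accept_upload(array $file, int $maxBytes = 256 * 1024): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;           // includes UPLOAD_ERR_INI_SIZE and UPLOAD_ERR_FORM_SIZE
    }
    if (($file['size'] ?? 0) > $maxBytes || !is_uploaded_file($file['tmp_name'])) {
        return null;           // too large, or not a file PHP itself received
    }
    return $file['tmp_name'];  // caller should move_uploaded_file() it next
}

if (PHP_SAPI === 'cli') {
    // Run as "php check_upload_limits.php" to audit the current configuration.
    $findings = check_upload_limits();
    echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : 'upload limits OK' . PHP_EOL;
}
```

Because upload_max_filesize is PHP_INI_PERDIR, the audit must be run under the same SAPI and directory configuration as the application (for example through the web server rather than only from the CLI, whose php.ini may differ) to reflect what the application actually gets.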