The company I work for has recently been hit with many header injection and file upload exploits on the sites we host and while we have fixed the problem with respect to hea
The best solution, IMHO, is to put the directory containing the uploaded files outside of the "web" environment and use a script to make them downloadable. In this way, even if somebody uploads a script, it cannot be executed by calling it from the browser, and you don't have to check the type of the uploaded file.
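The pattern described in this answer, as an added example (not code from the original thread): uploads are written outside the document root under a random opaque id, never under the client-supplied filename, and a separate download handler streams them back as an attachment. The storage directory, the JSON index, and the function names are assumptions made for the example; a real deployment would point `STORAGE_ROOT` at a path the web server does not serve and keep the id-to-name mapping in a database. The handler also sanitizes the filename it echoes into `Content-Disposition`, which is where the header injection mentioned in the question would otherwise come back.

```python
import json
import os
import re
import secrets
import tempfile
from pathlib import Path

# Assumption for the example: a scratch directory stands in for a path that is
# outside the web root (e.g. /var/app/uploads, which the web server never serves).
STORAGE_ROOT = Path(tempfile.mkdtemp(prefix="uploads_"))
INDEX_FILE = STORAGE_ROOT / "index.json"  # stands in for a database table

_ID_RE = re.compile(r"^[0-9a-f]{32}$")            # only opaque ids we generated
_UNSAFE_NAME_CHARS = re.compile(r"[^A-Za-z0-9._-]")  # strips CR, LF, quotes, slashes


def _load_index() -> dict:
    if INDEX_FILE.exists():
        return json.loads(INDEX_FILE.read_text())
    return {}


def _save_index(index: dict) -> None:
    INDEX_FILE.write_text(json.dumps(index))


def store_upload(original_name: str, data: bytes) -> str:
    """Save the upload under a random id outside the web root; return that id.

    The client's filename is only recorded for display, never used on disk,
    so neither its extension nor any traversal sequence in it matters.
    """
    file_id = secrets.token_hex(16)
    (STORAGE_ROOT / file_id).write_bytes(data)
    index = _load_index()
    index[file_id] = original_name
    _save_index(index)
    return file_id


def safe_download_name(original_name: str) -> str:
    """Reduce a stored filename to a token that is safe inside a response header."""
    base = os.path.basename(original_name.replace("\\", "/"))
    base = _UNSAFE_NAME_CHARS.sub("_", base).strip(".")
    return base or "download"


def serve_download(file_id: str):
    """The 'download script': returns (status, headers, body) for a given id.

    The file is read and sent as opaque bytes; it is never included, executed
    or rendered, and the headers tell the browser to download it rather than
    sniff it as HTML or a script.
    """
    if not _ID_RE.fullmatch(file_id):
        return 400, [("Content-Type", "text/plain")], b"bad id"
    index = _load_index()
    if file_id not in index:
        return 404, [("Content-Type", "text/plain")], b"not found"
    path = STORAGE_ROOT / file_id
    # Defence in depth: even with a validated id, refuse anything that resolves
    # outside the storage directory.
    if path.resolve().parent != STORAGE_ROOT.resolve() or not path.is_file():
        return 404, [("Content-Type", "text/plain")], b"not found"
    body = path.read_bytes()
    headers = [
        ("Content-Type", "application/octet-stream"),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Disposition",
         'attachment; filename="%s"' % safe_download_name(index[file_id])),
        ("Content-Length", str(len(body))),
    ]
    return 200, headers, body


if __name__ == "__main__":
    # Constructed sample: a "PHP" upload whose name carries traversal and a CRLF.
    fid = store_upload("../../shell.php\r\nX-Injected: 1", b"<?php system($_GET['c']); ?>")
    status, hdrs, body = serve_download(fid)
    print(status, dict(hdrs)["Content-Disposition"], body)
```

Because the bytes are only ever read and echoed, the upload cannot run no matter what it contains; the `attachment` disposition plus `nosniff` stops the browser from rendering an uploaded HTML or SVG file inline on your origin, which is the residual risk this scheme leaves if you serve files with their original type. Keep the download handler free of any `include`/`eval`-style call on the stored path.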