I'm doing it to image uploads to prevent any embedded malicious code. Am I right in doing this?

But yeah my main question is how to actually do it, because I've never used ImageMagick before - I've just installed it on my server.

A: 

There is no way any code in images should be able to execute itself on your server. Unless you actually parse images for code on request (never do that), you're far better off & more efficient just serving the images (do not include() them in any code of course, just add them to the browser), and letting virus-scanning software scan newly uploaded images in the background, with clamav for instance.

Wrikken
Well I thought that too tbh, but in this question: http://stackoverflow.com/questions/1485419/security-issues-in-accepting-image-uploads there seems to be a theme of code execution within images. It doesn't matter whether the code gets executed by the server or the user, because I'm also a user and the hacker could potentially hijack my admin account.
Matt
Code execution in images _only happens if you try to execute an image_. Don't do that, and don't set executable bits on images, and you're fine. Just don't be one of the lazy sods who don't like adding the .php extension to a filename and throw everything through the interpreter.
Wrikken
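
One way to handle uploads along the lines the answer and comments describe, as an added example that is not code from the thread: the file is stored under a server-chosen name without executable bits and is only ever streamed to the browser as bytes. `UPLOAD_DIR`, `ALLOWED` and both function names are hypothetical, and the upload directory is assumed to have PHP execution disabled in the web server configuration.

```php
<?php
// Added example. UPLOAD_DIR, ALLOWED and the function names are assumptions.
const UPLOAD_DIR = '/var/www/uploads'; // assumed path; no PHP handler mapped here
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// $file is one entry of $_FILES, e.g. $_FILES['image'] (field name assumed).
function store_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Detect the type from the file contents, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('not an accepted image type');
    }
    // Server-chosen name and extension: a client name such as "x.php" never reaches disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // readable by the web server, no executable bits
    return $name;
}

function serve_upload(string $name): void
{
    // Accept only names in the format store_upload() generates (also blocks path traversal).
    if (!preg_match('/^[0-9a-f]{32}\.(jpg|png|gif)$/', $name, $m)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . array_search($m[1], ALLOWED, true));
    header('X-Content-Type-Options: nosniff'); // browser must not reinterpret the bytes
    header('Content-Length: ' . filesize($path));
    readfile($path); // sends bytes as-is; include()/require would run them through PHP
}
```

The background ClamAV scan the answer mentions would run separately over `UPLOAD_DIR` and is not shown here.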