I want to provide my users with the option of uploading images to accompany their text posts. For security reasons I thought it may be a good idea to have the files uploaded a different webhost but would this really be of any advantage? I don't really want to pay for 2 web hosts but im paranoid of security holes. I have my upload script change their filename to:
myname.jpg
so that the server interprets it as a jpg, so if someone uploads
hackdatpassword.cgi
It is renamed to
myname.jpg
Also I have directory permissions set to 744, and the ftp login has a hidden username and password. This could be sniffed but not a whole lot i can do about that
Any other thoughts or suggestions, should i just use this setup on my webserver or should i spend alittle more money so i can throw all the uploaded images on a seperate server?
