Welcome Guest! You need to login or register to make posts.

Notification

Icon
Error

Options
Go to last post Go to first unread
webposer  
#1 Posted : Tuesday, December 06, 2005 2:00:49 AM(UTC)
webposer

Rank: Member

Groups: Member
Joined: 12/6/2005(UTC)
Posts: 1

Does Image Uploader do any sort of file checking to make sure the files that are being uploaded are truely acceptable file types. What safe guards are in place to make sure malicious content is not uploaded?

Thank you
- webposer
sunbomb  
#2 Posted : Wednesday, December 07, 2005 2:39:26 AM(UTC)
sunbomb

Rank: Member

Groups: Member
Joined: 9/15/2005(UTC)
Posts: 21

The only way Image Uploader checks for unacceptable file types is by looking at the file extension. So yes, if your users disguised a file by changing the extension, then they could upload it. The actualy checking of the file-type should really be done at the server side where you may have more resources to do this. Even here, it is quite difficult to tell if an acceptable file has been uploaded. Your authentication/authorization modules on the application (server side) should be robust enough that you don't allow any Tom, Dick or Harry to upload to your server. If a known user uploaded a malicious file or a bad file-type, at least you can tell who did it.

HTH.
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.