TrophyCustomer's Canvas is honored with a 2020 InterTech Technology Award! Learn more 
Welcome Guest! You need to login or register to make posts.



Go to last post Go to first unread
#1 Posted : Tuesday, December 6, 2005 2:00:49 AM(UTC)

Rank: Member

Groups: Member
Joined: 12/6/2005(UTC)
Posts: 1

Does Image Uploader do any sort of file checking to make sure the files that are being uploaded are truely acceptable file types. What safe guards are in place to make sure malicious content is not uploaded?

Thank you

- webposer
#2 Posted : Wednesday, December 7, 2005 2:39:26 AM(UTC)

Rank: Member

Groups: Member
Joined: 9/15/2005(UTC)
Posts: 21

The only way Image Uploader checks for unacceptable file types is by looking at the file extension. So yes, if your users disguised a file by changing the extension, then they could upload it. The actualy checking of the file-type should really be done at the server side where you may have more resources to do this. Even here, it is quite difficult to tell if an acceptable file has been uploaded. Your authentication/authorization modules on the application (server side) should be robust enough that you don't allow any Tom, Dick or Harry to upload to your server. If a known user uploaded a malicious file or a bad file-type, at least you can tell who did it.


Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.