andrew Sullivan

Reputation: 4084

validate file type extension

How to prevent exe file upload in asp.net mvc.

Upvotes: 0

Views: 713

Answers (1)

Steven

Reputation: 172666

If you are trying to prevent users from uploading dangerous content, preventing them from uploading exe files isn't enough. This is a black list approach. Much better is to ask yourself what are the valid file types you do support and block all others. This is a white list.

To allow certain file types you can check for the extension, but perhaps also validate the file header (the first couple of bytes from a file) to detect whether it is actually of the type you expect. You will have to figure out for each file type what the possible headers are.

Good luck.

Upvotes: 2
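The white list plus file-header check described in the answer above, as an added example that is not part of the original answer. The names `UploadValidator` and `IsAllowed` and the set of allowed types are assumptions for illustration; in an MVC action the arguments would come from `HttpPostedFileBase.FileName` and `HttpPostedFileBase.InputStream`.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Added example: each allowed extension is tied to the header bytes expected for it.
public static class UploadValidator
{
    // Assumed white list; replace with the types your application actually supports.
    private static readonly Dictionary<string, byte[][]> Allowed =
        new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".png",  new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } } },
        { ".jpg",  new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".jpeg", new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".gif",  new[] { new byte[] { 0x47, 0x49, 0x46, 0x38 } } },       // "GIF8"
        { ".pdf",  new[] { new byte[] { 0x25, 0x50, 0x44, 0x46, 0x2D } } }  // "%PDF-"
    };

    public static bool IsAllowed(string fileName, Stream content)
    {
        string ext;
        // On .NET Framework these Path calls throw on invalid path characters: reject.
        try { ext = Path.GetExtension(Path.GetFileName(fileName ?? string.Empty)); }
        catch (ArgumentException) { return false; }

        byte[][] signatures;
        if (!Allowed.TryGetValue(ext, out signatures)) return false; // not on the list

        byte[] header = new byte[signatures.Max(s => s.Length)];
        int read = 0, n;
        // Stream.Read may return fewer bytes than requested, so loop until filled or EOF.
        while (read < header.Length &&
               (n = content.Read(header, read, header.Length - read)) > 0) read += n;
        if (content.CanSeek) content.Position = 0; // rewind so the file can still be saved

        return signatures.Any(sig => read >= sig.Length &&
                                     header.Take(sig.Length).SequenceEqual(sig));
    }

    public static void Main()
    {
        // Constructed sample inputs.
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00, 0x00 };
        byte[] exe = { 0x4D, 0x5A, 0x90, 0x00 }; // "MZ", start of a Windows executable
        Console.WriteLine(IsAllowed("photo.png", new MemoryStream(png))); // PNG name, PNG bytes
        Console.WriteLine(IsAllowed("setup.exe", new MemoryStream(exe))); // extension not listed
        Console.WriteLine(IsAllowed("photo.png", new MemoryStream(exe))); // EXE renamed to .png
    }
}
```

A matching header only shows that the file starts like the expected type, so store uploads under a server-generated name outside any directory the web server will execute from.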
