Check file uploads #57

Open
Compro-Prasad opened this issue Apr 20, 2018 · 4 comments

@Compro-Prasad
Collaborator

Allow documents and compressed files only.

@realsdx
Member

realsdx commented Jun 19, 2019

You mean MIME type checking?

@Compro-Prasad
Collaborator Author

Yes. But I am unsure if it reveals the extension's format or if it actually reads file headers (first few bytes) like the `file` command does, because some people try to re-upload the file by just changing the extension, which is not preferable from many standpoints.

@realsdx
Member

realsdx commented Jun 20, 2019

Then there is probably no better way. Also, files are uploaded by staff, not normal users, and uploaded files are never executed (Django never even executes arbitrary Python files), so extension checking is good enough. MIME checking will just add an extra layer. But either way, the server is never affected.

@Compro-Prasad
Collaborator Author

Then do whatever is best for now.
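
The two checks compared in this thread, the file extension versus the first bytes of the file as the `file` command reads them, shown side by side as an added example that is not part of the original issue or the project's code. The allow-list and the names `check_upload` and `check_stream` are assumptions made for illustration; the stream can be any seekable file-like object.

```python
import io
import os

# Extension -> leading byte signatures. The allow-list is an assumption: the
# issue only says "documents and compressed files".
ALLOWED = {
    ".pdf": [b"%PDF-"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # OLE2 compound file
    ".docx": [b"PK\x03\x04"],                        # OOXML is a ZIP container
    ".odt": [b"PK\x03\x04"],                         # ODF is a ZIP container
    ".zip": [b"PK\x03\x04", b"PK\x05\x06"],          # second form: empty archive
    ".gz": [b"\x1f\x8b"],
    ".bz2": [b"BZh"],
    ".xz": [b"\xfd7zXZ\x00"],
    ".7z": [b"7z\xbc\xaf\x27\x1c"],
}
HEAD_LEN = max(len(s) for sigs in ALLOWED.values() for s in sigs)


def check_upload(filename, head):
    """Return (ok, reason) for a client-supplied name and the file's first bytes."""
    # Only the final path component and the final extension count.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if not any(head.startswith(sig) for sig in ALLOWED[ext]):
        return False, "content does not match extension"
    return True, "ok"


def check_stream(filename, stream):
    """Same check for a seekable file-like object; rewinds it afterwards."""
    head = stream.read(HEAD_LEN)
    stream.seek(0)
    return check_upload(filename, head)


# Constructed samples (not real uploads).
SAMPLES = [
    ("notes.PDF", b"%PDF-1.4\n"),              # genuine PDF header
    ("invoice.pdf", b"MZ\x90\x00\x03\x00"),    # renamed to .pdf, content is not a PDF
    ("backup.tar.gz", b"\x1f\x8b\x08\x00"),    # gzip
    ("report.pdf.exe", b"%PDF-1.7\n"),         # final extension is .exe
    ("slides.zip", b"%PDF-1.4\n"),             # PDF renamed to .zip
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, check_stream(name, io.BytesIO(data)))
```

A matching signature shows only that the header agrees with the extension, not that the rest of the file is well-formed.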
