Image Uploading - security issues

Posted by TenaciousImpy on Stack Overflow See other posts from Stack Overflow or by TenaciousImpy
Published on 2010-04-07T21:14:40Z Indexed on 2010/04/07 21:23 UTC
Read the original article Hit count: 396

Filed under:
|
|
|
|

Hi,

I'm developing an ASP.NET Web app and would like the user to be able to either upload an image from their local system, or pass in a URL to an image. The image can either be a JPG or PNG. What security issues should I be concerned about doing this? I've seen various ways of embedding code within JPG files. Are there any methods in C# (or external libraries) which can confirm that a file is a JPG/PNG, otherwise throw an error? At the very least, I'm making the directory which holds uploaded images non-browsable and putting a max size limit of 1mb, but I'd like to implement further checks.

Thanks for any advice.

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about security