Image Uploading - security issues
Posted
by TenaciousImpy
on Stack Overflow
See other posts from Stack Overflow
or by TenaciousImpy
Published on 2010-04-07T21:14:40Z
Indexed on
2010/04/07
21:23 UTC
Read the original article
Hit count: 396
Hi,
I'm developing an ASP.NET Web app and would like the user to be able to either upload an image from their local system, or pass in a URL to an image. The image can either be a JPG or PNG. What security issues should I be concerned about doing this? I've seen various ways of embedding code within JPG files. Are there any methods in C# (or external libraries) which can confirm that a file is a JPG/PNG, otherwise throw an error? At the very least, I'm making the directory which holds uploaded images non-browsable and putting a max size limit of 1mb, but I'd like to implement further checks.
Thanks for any advice.
© Stack Overflow or respective owner