[Owasp-boston] Checking file types on upload
Patrick_Laverty at brown.edu
Thu Nov 12 09:31:31 EST 2009
Sorry for all the questions lately, but I'm wondering if someone has
come up with a reliable way to check actual file types when they get
uploaded to a server, preferably with PHP. We've had some issues where
people uploaded php files with a .jpg or .gif extension, so they slipped
by for a while.
We are turning off php in upload directories, among other security
steps, but I just wanted to see if I could do more than just checking
the file extension. Looking for that extra layer of security.
More information about the Owasp-boston