Reply to thread

Message

[QUOTE="Comotose, post: 116229, member: 27598"]
Well, my concern is the security of the upload.

Obviously I can easily filter the user's input client-side to only proceed with the upload if the filename extension matches a permitted image type.

But there are many ways a cyber-thug can upload say myimage.gif that contains executable code, and just about everything about a file can be manipulated -- even the image header can be manipulated quite easily.

I doubt there is any practical way to upload a file with 100% security against unintended and undesirable manipulation, so it comes down to making it as difficult for them as possible.

So all things considered your statement that "you can detect the file type before the file is uploaded" is actually the essence of my question: How?

Incidentally, the SitePoint book I'm using as my reference source while trying to learn VB.NET was published in 2004, so it's always possible that I'm not aware of new versions of some commands.

Or am I over-thinking the whole thing?
[/QUOTE]

Verification