Archive for June, 2010

File Uploads

In the last post, I covered Magic Numbers and how they can be used along with file extensions to validate file uploads. What would happen if you did not restrict the file types your users can upload and picked the wrong location to save them on your server? What if a user uploaded a JSP file?

Categories: Java

Magic Numbers

Many web applications allow their users to upload files from their computer to the application’s remote server. An example of this type of application is an image sharing service where you can upload and share your vacation photos. This type of application has no reason to accept MS Word documents, PDF files, or mp3 files. It makes sense to empower the application to reject undesirable file types.

So how do you prevent users from uploading PDF files, MS Word documents, etc. to your image sharing service?

Categories: Java