What would you say are the essential steps in verifying a file upload?

I'd tend to check the MIME type, give it a new (random) name, make sure it's got an allowed file extension, and then I'd check the contents of the file. How do you go about it?

+1  A: 

What does it mean that the file is "safe"? That it doesn't contain a virus? That you have enough memory to load it?

Also, please add clarifications by editing your original question, not by posting an answer.

Steve
A: 

Check the file type, check the file size, the image dimension.

These are the 3 I always check to be sure to have a good result.

Daok
A: 

If you are receiving a GIF file for a profile photo, as an example, you should check that the MIME type is GIF.
That way you avoid uploading bad files.
Here you have an example using PHP.

Gero
A: 

To make sure it's safe, is what I mean by verifying it.

What does "safe" mean? Virus free? Unless you plan to execute it, you don't need to check for viruses.
S.Lott
A: 

Depends on the expected file contents... might be a good idea to run a virus scan on the file.

EmmEff
+1  A: 

Check (in this order): the file MIME type (and note certain browsers have MIME type detection problems...); that the file path exists; that a previous version of the file with the same name doesn't exist, else, rev it; that the file isn't too big; on success, run a virus check on the server.

Ash Machine
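
The checks named in the question and in the answer above (size, allowed extension, MIME type, file contents, new random name), combined in one function as an added example that is not part of the original thread. The names `verify_upload`, `UploadRejected`, `ALLOWED` and the 2 MiB limit are assumptions made for the example.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for this example

# Allowed types: extension -> (MIME type, leading signature bytes)
ALLOWED = {
    ".gif": ("image/gif", (b"GIF87a", b"GIF89a")),
    ".png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    ".jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
    ".jpeg": ("image/jpeg", (b"\xff\xd8\xff",)),
}


class UploadRejected(ValueError):
    """Raised when an upload fails any of the checks."""


def verify_upload(client_name: str, client_mime: str, data: bytes) -> str:
    """Return a random server-side file name, or raise UploadRejected."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or too large")

    # Only the final extension is used; the rest of the client's name is discarded.
    ext = os.path.splitext(os.path.basename(client_name))[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed")

    mime, signatures = ALLOWED[ext]
    # The MIME type is sent by the client, so this is a consistency check only.
    if client_mime.split(";")[0].strip().lower() != mime:
        raise UploadRejected("MIME type does not match extension")

    # Content check: the bytes must start with a signature for that type.
    if not data.startswith(signatures):
        raise UploadRejected("content does not match declared type")

    # New random name; nothing from the client's name reaches the file system.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    gif = b"GIF89a" + b"\x00" * 20  # constructed sample, not a real image
    print(verify_upload("me.gif", "image/gif", gif))
```

A signature match only confirms the leading bytes; decoding the image and checking its dimensions is a stronger content check.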