3

With Firebase, even if you specify the metadata and content type, what other steps can be taken to make sure that the file being uploaded is genuinely an image?

On the client side, do we have libs in JavaScript that validate and verify images? I mean, there is this post: "Display image and Validation of image extension before uploading file Using Javascript"

But it allows us to check the extension. What if a user renames an executable to .jpg and then uploads it? How can we prevent such situations?

Alex Mamo
Avinash Lingaloo
    Note that there are images which are executables. I.e. it's wrong to assume the two categories are mutually exclusive. Hence, you do NOT check whether an image is really an image. You check whether the upload is (also) an executable. The overlapping category is almost wholly malicious. – MSalters Jan 29 '18 at 14:45

1 Answer

0

I believed that, after all the precautions taken on our side, we should leave it and trust the Firebase team with the security part. Most probably they should have antivirus software on their side.

Avinash Lingaloo
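For the renamed-executable case raised in the question and the "is it also an executable" check suggested in the comment, the following added example (not code from any post on this page) classifies an upload by its leading bytes instead of its file name. The function names, the choice of signatures and the sample byte arrays are assumptions made for illustration.

```javascript
// Added example: decide from the first bytes of a file, not from its extension.
// The tables hold well-known file-format magic numbers; the selection is illustrative.
const IMAGE_SIGNATURES = {
  "image/jpeg": [0xff, 0xd8, 0xff],
  "image/png": [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  "image/gif": [0x47, 0x49, 0x46, 0x38], // "GIF8"
};
const EXECUTABLE_SIGNATURES = {
  "PE/DOS (MZ)": [0x4d, 0x5a],
  "ELF": [0x7f, 0x45, 0x4c, 0x46],
  "script (#!)": [0x23, 0x21],
};

// True when `bytes` begins with every byte of `sig`.
function startsWith(bytes, sig) {
  return bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b);
}

// Name of the first signature in `table` that matches, or null.
function matchSignature(bytes, table) {
  for (const [name, sig] of Object.entries(table)) {
    if (startsWith(bytes, sig)) return name;
  }
  return null;
}

// `declaredType` is the content type the client put in the upload metadata.
// Executable headers are rejected first, then the image type must match the claim.
function checkImageUpload(bytes, declaredType) {
  const exe = matchSignature(bytes, EXECUTABLE_SIGNATURES);
  if (exe) return { ok: false, detected: exe, reason: "executable header" };
  const img = matchSignature(bytes, IMAGE_SIGNATURES);
  if (!img) return { ok: false, detected: null, reason: "no known image signature" };
  if (img !== declaredType) return { ok: false, detected: img, reason: "content type mismatch" };
  return { ok: true, detected: img, reason: "signature matches declared type" };
}

// Constructed sample inputs (leading bytes only).
const renamedExe = Uint8Array.from([0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00]); // .exe renamed to .jpg
const realPng = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
console.log(checkImageUpload(renamedExe, "image/jpeg"));
console.log(checkImageUpload(realPng, "image/png"));
```

In a browser the bytes can be read with `new Uint8Array(await file.slice(0, 16).arrayBuffer())` before the upload starts. A header check covers the renamed-executable case; it does not detect a file that has a valid image header followed by other content.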