My website allows [txt,csv,pdf,xlsx,xls,doc,docx,mp4...] files to be uploaded. In order to prevent malicious attacks, I don’t want [exe,bat...] to upload files disguised as the above. How can I verify that the content and extension of the uploaded file on my website are macthed.
Asked
Active
Viewed 185 times
1
-
1I guess you will need different libraries to check each file type. Try to read a xls file with the proper library and if it doesn't fail the content is correct respect to its extension. Do the same for any other extension. – Paco Abato Feb 08 '21 at 07:59
-
if malicious attacks is the only problem you have, you could use an online virus scanner api to scan files before transferring to your server – ahrooran Feb 08 '21 at 14:50
1 Answers
0
On Linux/Unix systems there is the file command that checks a file and decides on the file type. In your case I'd try to reuse that logic rather than implementing something yourself.
I am not sure whether that command is available on Windows. You might want to get it through Cygwin or compile it yourself.
Queeg
- 7,748
- 1
- 16
- 42