I have an ASP.NET MVC 2 application and I am using Uploadify. I am uploading the files straight into a SQL Server DB. What are the necessary checks I need to do, and how? I would like to perform an anti-virus scan? What are the possible security loopholes here?
- Are you parsing the XML on the server or are you storing the uploaded stream directly as a BLOB into the database? – Darin Dimitrov Jul 17 '11 at 22:14
- The XML is stored as a BLOB in the DB – user603007 Jul 17 '11 at 22:21
1 Answer
0
You could try feeding the uploaded stream into an XmlReader and parsing through it. In the event of an exception, chances are that there is something wrong with this XML file:
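```csharp
using System.Xml; // XmlReader, XmlException

using (var reader = XmlReader.Create(uploadedFile.InputStream))
{
    try
    {
        // Read to the end of the document; malformed XML throws XmlException.
        while (reader.Read())
        { }
        // At this stage you may save the XML file into the database.
    }
    catch (XmlException)
    {
        // probably not a valid XML file
    }
}
```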
If the uploaded XML files need to obey a certain structure you could validate them against an XSD schema by specifying this to the XmlReader.


Darin Dimitrov
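An added example, not part of the original answer, of the XSD validation the answer mentions, with the reader locked down so an uploaded document cannot bring its own DTD or pull in external resources. It assumes .NET 4.0 or later; `UploadedXmlValidator`, `TryValidate` and the size limit are hypothetical names and values.

```csharp
using System.IO;
using System.Xml;
using System.Xml.Schema;

// Hypothetical helper, not code from the original answer. Assumes .NET 4.0+.
public static class UploadedXmlValidator
{
    // Assumed cap on document size; set it to the largest upload you expect.
    private const long MaxCharacters = 5 * 1024 * 1024;

    // Returns true only if the stream is well-formed XML that validates against
    // 'schemas'. On failure, 'error' holds the first problem found.
    public static bool TryValidate(Stream upload, XmlSchemaSet schemas, out string error)
    {
        string firstError = null; // local copy: lambdas cannot capture an out parameter
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any DOCTYPE throws: no entity tricks
            XmlResolver = null,                     // never fetch external resources
            MaxCharactersInDocument = MaxCharacters,
            ValidationType = ValidationType.Schema,
            Schemas = schemas
        };
        // Without this flag, a document whose root element is not covered by the
        // schema raises only a warning and would otherwise pass unvalidated.
        settings.ValidationFlags |= XmlSchemaValidationFlags.ReportValidationWarnings;
        settings.ValidationEventHandler += (sender, e) =>
        {
            if (firstError == null) firstError = e.Severity + ": " + e.Message;
        };

        try
        {
            using (var reader = XmlReader.Create(upload, settings))
            {
                while (reader.Read()) { } // reading drives parsing and validation
            }
        }
        catch (XmlException ex) // malformed XML, DTD present, or size cap exceeded
        {
            firstError = ex.Message;
        }

        error = firstError;
        return firstError == null;
    }
}
```

Validation reads the stream to its end, so if the stream is seekable, reset its `Position` to 0 before writing the bytes to the database.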