Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
608 views
in Technique[技术] by (71.8m points)

asp.net - validate file type extension

How to prevent exe file upload in asp.net mvc.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

If you are trying to prevent users uploading dangerous content, preventing them to upload exe files isn't enough. This is a black list approach. Much better is to ask yourself what are the valid file types you do support and block all others. This is a white list.

To allow certain file types you can check for the extension, but perhaps also validate the file header (the first couple of bytes from a file) to detect whether it is actually of the type you expect. You will have to figure out for each file type what the possible headers are.

Good luck.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...