Should I validate file types on server upload, and how?
I am trying to implement secure file uploads. I need to support various file types, including PDF, XLS, and XSL. I have implemented some basic controls, such as:
Store files outside the web root
Check file extension against whitelist
Gene… Continue reading Should I validate file types on server upload, and how?