Is it safe to serve any user uploaded file under only white-listed MIME content types?

Let’s say I develop an application that,

Allows any user to upload a file of only white-listed MIME content type and extensions (Word and PDF).
Serves those files with the allowed extension and content type.

Is this a security risk? W…

Using file extension and MIME type (as output by file -i -b) combination to determine unsafe files?

We allow users to upload a number of files, all of which we either send over to scribd (doc, xls, ppts, etc) or display as a video ourselves (flv, mov, mp4, etc in flowplayer).

To avoid users uploading unsafe files, we check…
