OSEC

From: Gregory Steuck (gregnest.cx)
Date: Thu Jul 04 2002 - 01:27:02 CDT

    >>>>> "James" == James Fleming <jamesfleming94588yahoo.com> writes:

        James> I am building a system where the user can upload a file. I
        James> want to restrict the file types.

    You can restrict the mime types you accept, but you can't really
    guarantee that a byte stream under complete control of the adversary
    will really be of the announced type. You can enforce simple
    restrictions like text/plain == "each octet must be between 0x20 and
    0x7f". But anything slightly more complicated is pretty much doomed.
    Just imagine having to check if what you are receiving really is an MS
    Word document.
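
The octet-range rule from the reply above, as an added example that is not part of the original post: it judges a text/plain upload by its bytes rather than by the announced type, and shows that matching the compound-file signature used by legacy Word documents confirms only how a stream begins. The function names, the 1 MiB cap and the tolerance for TAB, LF and CR are assumptions.

```python
# Added illustration: decide on an upload from its bytes, not its announced type.
# Helper names, the size cap and the tolerated control bytes are assumptions.

ALLOWED_CONTROLS = frozenset(b"\t\n\r")  # assumption: real text files need line breaks
MAX_UPLOAD_BYTES = 1 << 20               # assumption: 1 MiB cap
# Signature of the OLE2 compound file container used by legacy .doc files.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def first_bad_octet(data: bytes, strict: bool = False):
    """Offset of the first octet outside 0x20..0x7f, or None. strict=True is the rule exactly as posted."""
    for offset, octet in enumerate(data):
        if 0x20 <= octet <= 0x7F:
            continue
        if not strict and octet in ALLOWED_CONTROLS:
            continue
        return offset
    return None


def accept_text_upload(declared_type: str, data: bytes):
    """The declared type only selects which rule applies; the bytes decide the outcome."""
    if declared_type.split(";")[0].strip().lower() != "text/plain":
        return (False, "type not on allow-list")
    if len(data) > MAX_UPLOAD_BYTES:
        return (False, "too large")
    bad = first_bad_octet(data)
    if bad is not None:
        return (False, f"octet 0x{data[bad]:02x} at offset {bad}")
    return (True, "ok")


def looks_like_ole2(data: bytes) -> bool:
    """A signature match describes the first 8 bytes only, not the validity of the rest."""
    return data.startswith(OLE2_MAGIC)


# Constructed samples.
SAMPLE_TEXT = b"hello, world\r\nsecond line\n"
SAMPLE_FAKE_TEXT = OLE2_MAGIC + b"\x00" * 24           # binary sent with a text/plain label
SAMPLE_FAKE_DOC = OLE2_MAGIC + b"not a word document"  # right prefix, arbitrary remainder

if __name__ == "__main__":
    for label, blob in [("text", SAMPLE_TEXT), ("fake text", SAMPLE_FAKE_TEXT)]:
        print(label, accept_text_upload("text/plain", blob))
    print("prefix-only check passes:", looks_like_ole2(SAMPLE_FAKE_DOC))
```

The text rule can be enforced completely because it is a property of every octet; the signature check accepts `SAMPLE_FAKE_DOC` even though nothing after the first eight bytes is a document.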