(Update to link to latest version of Django security book) |
(→Image Upload: Asked why.) |
Line 326: | Line 326: | ||
'''Upload Verification''' | '''Upload Verification''' | ||
*Ensure the image dimensions are within the defined range for the application (example 50x50 to 200x200) | *Ensure the image dimensions are within the defined range for the application (example 50x50 to 200x200). ''Interesting. Why?'' | ||
*Use image rewriting libraries to verify the image is valid and to strip away extraneous content. | *Use image rewriting libraries to verify the image is valid and to strip away extraneous content. | ||
*Set the extension of the stored image to be a valid image extension based on the detected content type of the image from image processing (e.g. do not just trust the header from the upload). | *Set the extension of the stored image to be a valid image extension based on the detected content type of the image from image processing (e.g. do not just trust the header from the upload). |
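Review bot: the right-hand version of the first bullet inserts the italic aside ''Interesting. Why?'' into the guideline text itself, so readers of the rendered page will see an open question in the middle of the Upload Verification checklist rather than a rationale. Either replace the aside with the reason the bullet needs (why an application-defined dimension range such as 50x50 to 200x200 is part of verifying an upload) or move the question to the talk page and keep the bullet as the left-hand text plus the newly added trailing period, which the other two bullets already use.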