lugnitdgp / nitdgp_website


Check file uploads #57

Open Compro-Prasad opened 6 years ago

Compro-Prasad commented 6 years ago

Allow documents and compressed files only.

realsdx commented 5 years ago

You mean MIME type checking?

Compro-Prasad commented 5 years ago

Yes. But I am unsure if it reveals the extension's format or if it actually reads file headers (first few bytes) like the `file` command does. Because some people try to re-upload the file by just changing the extension, which is not preferable from many standpoints.

realsdx commented 5 years ago

Then, probably there is no better way. Also, files are uploaded by staff, not normal users, and uploaded files are never executed (Django never even executes any arbitrary Python files). So extension checking is good enough. MIME checking will just add an extra layer. But either way, the server is never affected.

Compro-Prasad commented 5 years ago

Then do whatever is best for now.
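The two checks discussed in this thread (extension versus the first few bytes of the file), as an added example that is not part of the thread or the project's code. The allow-list of formats and the names `sniff_kind` and `check_upload` are assumptions; the function takes any seekable binary file object.

```python
import io
import os

# Magic-byte signatures for "documents and compressed files".
# The exact allow-list is an assumption; the thread does not name formats.
SIGNATURES = {
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),           # also the container of docx/xlsx/odt
    "ole2": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # legacy doc/xls
    "gzip": (b"\x1f\x8b",),
    "7z": (b"7z\xbc\xaf\x27\x1c",),
}
# The sniffed kind each accepted extension must agree with.
EXTENSION_KIND = {
    ".pdf": "pdf", ".zip": "zip", ".docx": "zip", ".xlsx": "zip", ".odt": "zip",
    ".doc": "ole2", ".xls": "ole2", ".gz": "gzip", ".7z": "7z",
}

def sniff_kind(header: bytes):
    """Classify by leading bytes, the way the `file` command starts out."""
    for kind, magics in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return kind
    return None

def check_upload(filename: str, fileobj):
    """Return (ok, reason). Rejects unknown extensions and renamed files."""
    ext = os.path.splitext(filename)[1].lower()
    expected = EXTENSION_KIND.get(ext)
    if expected is None:
        return False, f"extension {ext or '(none)'} not allowed"
    pos = fileobj.tell()
    header = fileobj.read(8)
    fileobj.seek(pos)  # leave the stream untouched for whatever stores the file
    actual = sniff_kind(header)
    if actual != expected:
        return False, f"content is {actual or 'unknown'}, extension claims {expected}"
    # Caveat: header bytes cannot tell a .docx from a plain .zip; both are "zip".
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample uploads: (name, leading bytes).
    samples = [("notes.pdf", b"%PDF-1.7\n"), ("notes.pdf", b"\x89PNG\r\n\x1a\n"),
               ("data.docx", b"PK\x03\x04\x14\x00"), ("run.exe", b"MZ\x90\x00")]
    for name, data in samples:
        print(name, check_upload(name, io.BytesIO(data)))
```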