
Check that uploaded photo is a JPEG

Hi

I'm setting up a site where users will be able to upload photos. I'd
like to be able to ensure that they're uploading JPEGs, and not
malicious code. I've tried checking the MIME type, but that doesn't
seem to be reliable; for example if you rename an .exe to .jpg and
upload using Firefox, it returns "image/jpeg" (IE 6 returns
"application/octet-stream").

I understand that there probably isn't a surefire solution to this,
but a little security is better than none. Any advice? I'm using VB
2005 but I can read C# if I need to :)

Thanks
Chris

Feb 8 '07 #1
On Feb 8, 1:06 pm, "Chris Mahoney" <chrismaho...@gmail.com> wrote:
> Hi
>
> I'm setting up a site where users will be able to upload photos. I'd
> like to be able to ensure that they're uploading JPEGs, and not
> malicious code. I've tried checking the MIME type, but that doesn't
> seem to be reliable; for example if you rename an .exe to .jpg and
> upload using Firefox, it returns "image/jpeg" (IE 6 returns
> "application/octet-stream").
>
> I understand that there probably isn't a surefire solution to this,
> but a little security is better than none. Any advice? I'm using VB
> 2005 but I can read C# if I need to :)
>
> Thanks
> Chris
I would think the obvious (if not necessarily most efficient) solution
is to use System.Drawing.Image.FromFile(...): you can then check the
RawFormat property, or trap for any exceptions for invalid files. I
don't believe FromFile() can cause malicious code to execute.

Feb 8 '07 #2

"Chris Mahoney" <ch**********@gmail.com> wrote in message
news:11**********************@k78g2000cwa.googlegroups.com...
> Hi
>
> I'm setting up a site where users will be able to upload photos. I'd
> like to be able to ensure that they're uploading JPEGs, and not
> malicious code. I've tried checking the MIME type, but that doesn't
> seem to be reliable; for example if you rename an .exe to .jpg and
> upload using Firefox, it returns "image/jpeg" (IE 6 returns
> "application/octet-stream").
>
> I understand that there probably isn't a surefire solution to this,
> but a little security is better than none. Any advice? I'm using VB
> 2005 but I can read C# if I need to :)
>
> Thanks
> Chris
Hi Chris

First check it with HttpPostedFile.ContentType

Then try to create a System.Drawing.Image object from a given source. If
this succeeds, you can be fairly certain the source is a valid image. In
addition, check Img.RawFormat.

Sample code:

Try
    ' FromFile reads from disk; for an upload use FromStream(PostedFile.InputStream)
    Dim Img As System.Drawing.Image = _
        System.Drawing.Image.FromFile("C:\MyImage.gif")
    If Img.RawFormat.Equals(System.Drawing.Imaging.ImageFormat.Jpeg) Then
        ' ... ok: GDI+ decoded the data and reports it as a JPEG
    Else
        ' ... wrong: it is some other image format
    End If
    Img.Dispose()
Catch
    ' ... wrong: GDI+ could not decode the data at all
End Try
Feb 8 '07 #3
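The check described in the two replies above, written out in C# as an added example (this is not code from the thread; JpegUploadCheck, IsJpeg, SaveReencoded and the 5 MB limit are my own names and values). It treats the browser's ContentType as a hint, looks at the first bytes, and then relies on the GDI+ decode and RawFormat as the real test:

```csharp
using System;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Web;

// Hypothetical helper, not code from the thread: cheap checks first, then a
// real decode by GDI+, as both replies suggest.
public static class JpegUploadCheck
{
    private const int MaxBytes = 5 * 1024 * 1024; // constructed size limit

    // True only if GDI+ decodes the upload and reports it as a JPEG.
    public static bool IsJpeg(HttpPostedFile file)
    {
        if (file == null || file.ContentLength == 0 || file.ContentLength > MaxBytes)
            return false;

        // 1. ContentType is whatever the browser sent: a hint, not proof.
        //    IE sends "image/pjpeg" for JPEGs, so accept both spellings.
        string ct = (file.ContentType ?? "").ToLowerInvariant();
        if (ct != "image/jpeg" && ct != "image/pjpeg")
            return false;

        Stream s = file.InputStream;
        s.Position = 0;
        // 2. A JPEG starts with the SOI marker FF D8 FF; a renamed .exe is
        //    rejected here without ever reaching the decoder.
        byte[] head = new byte[3];
        if (s.Read(head, 0, 3) != 3 || head[0] != 0xFF || head[1] != 0xD8 || head[2] != 0xFF)
            return false;
        s.Position = 0;

        // 3. Let GDI+ decode it; an ArgumentException means it is not an image.
        try
        {
            using (Image img = Image.FromStream(s, false, true))
                return img.RawFormat.Equals(ImageFormat.Jpeg);
        }
        catch (ArgumentException)
        {
            return false;
        }
    }

    // Stores a freshly encoded copy of the pixels, never the uploaded bytes.
    public static void SaveReencoded(HttpPostedFile file, string destPath)
    {
        file.InputStream.Position = 0;
        using (Image img = Image.FromStream(file.InputStream))
        using (Bitmap copy = new Bitmap(img))
            copy.Save(destPath, ImageFormat.Jpeg);
    }
}
```

Call IsJpeg from the upload handler and, when it returns true, write the file with SaveReencoded rather than SaveAs, so that only decoded pixel data ends up on the server.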
On Feb 8, 3:23 pm, wizof...@hotmail.com wrote:
> I would think the obvious (if not necessarily most efficient) solution
> is to use System.Drawing.Image.FromFile(...): you can then check the
> RawFormat property, or trap for any exceptions for invalid files. I
> don't believe FromFile() can cause malicious code to execute.
On Feb 8, 9:42 pm, "Alexey Smirnov" <alexey.smir...@gmail.com> wrote:
> Then try to create a System.Drawing.Image object from a given source. If
> this succeeds, you can be fairly certain the source is a valid image. In
> addition, check Img.RawFormat
Thanks to both of you for your help. So far it's worked with every
weird and wonderful combination I've thrown at it :)

Chris

Feb 8 '07 #4
