Hi
I am looking for some way to validate mp3 files when uploading to the server by the client. I can restrict its size and check mp3 extension, but I am not sure how to check if it is really mp3 file. Can I have some potential uploading attack troubles, if validating only size and extension?
Thank you
How to validate file when uploading
Moderator: General Moderators
-
impulse()
- Forum Regular
- Posts: 748
- Joined: Wed Aug 09, 2006 8:36 am
- Location: Staffordshire, UK
- Contact:
I know it's a long shot but couldn't you install an MP3 player on the server, and everytime an MP3 is uploaded run a shell command to try and play that MP3? If it fails to play the MP3 it returns false and if it plays, it returns true?
I can imagine it might be tricky to code.
Mind, I think that would only work on *nix servers.
I can imagine it might be tricky to code.
Mind, I think that would only work on *nix servers.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Execution of the file is possible depending on your server's settings. Even without browser activated execution, it's still possible to hide malicious code in it then use a security hole in one of your scripts to execute it, or possibly another account on the server. The malicious data may not be intended for your server either. It may be intended to create a buffer overflow in a vulnerable player or browser thus allowing arbitrary code execution. While the chances of those are small, in all probability, anytime you allow a user to store data on your server, you have potential holes for attacks.