Check image loading in .NET.

I have a page where the user can upload an image, which will subsequently be saved on the server. I am doing a simple check of the downloaded file by checking its extension (.jpg, .png, etc.).

Is this check sufficient to ensure server security? Or does this leave someone able to download malicious code that could harm my server? If you can check the downloaded images, how can this be done?

+3
3 answers

Whenever end users post something to your server, there is a chance of malicious behavior. Although it is unlikely that double-clicking on the .jpg image will close your box, unknown things are known to happen. (For example, who knew that PDF files could contain so many security issues!)

It’s best to try uploading the image and see if the GDI+ libraries recognize it as a valid image. If you do not get an exception at runtime, then you know that the image is "valid." This, however, will not protect you if uploading an image to GDI+ does not decorate your box in the first place.

You can protect yourself even more by uploading the image to a separate AppDomain, but at the same time it reduces the potential threats.

+2
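The decode check described in the answer above, as an added example that is not part of the original thread: it decodes the upload with GDI+ (`System.Drawing`), takes the format from the decoded content rather than the file extension, and stores a re-encoded copy under a server-generated name. The class and method names, the 5 MB and 8000-pixel limits, and the JPEG/PNG allow-list are assumptions made for illustration.

```csharp
using System;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;

public static class UploadedImageValidator   // hypothetical name
{
    private const long MaxBytes = 5 * 1024 * 1024;  // assumed size limit
    private const int MaxDimension = 8000;          // assumed pixel limit

    // Returns the path of the stored copy, or null when the upload is rejected.
    public static string ValidateAndStore(Stream upload, string storageDir)
    {
        using (var buffer = new MemoryStream())
        {
            // Bounded copy: stop reading as soon as the size limit is exceeded.
            var chunk = new byte[81920];
            int read;
            while ((read = upload.Read(chunk, 0, chunk.Length)) > 0)
            {
                buffer.Write(chunk, 0, read);
                if (buffer.Length > MaxBytes) return null;
            }
            buffer.Position = 0;
            try
            {
                // validateImageData: true makes GDI+ check the data while loading.
                using (var image = Image.FromStream(buffer, false, true))
                {
                    // Format comes from the decoded content, not the file name.
                    bool isJpeg = image.RawFormat.Guid == ImageFormat.Jpeg.Guid;
                    bool isPng = image.RawFormat.Guid == ImageFormat.Png.Guid;
                    if (!isJpeg && !isPng) return null;
                    if (image.Width > MaxDimension || image.Height > MaxDimension) return null;

                    // Copy the pixels and re-encode: bytes appended after the image
                    // data and the original metadata are not carried over.
                    using (var clean = new Bitmap(image))
                    {
                        string name = Guid.NewGuid().ToString("N") + (isJpeg ? ".jpg" : ".png");
                        string path = Path.Combine(storageDir, name);
                        clean.Save(path, isJpeg ? ImageFormat.Jpeg : ImageFormat.Png);
                        return path;
                    }
                }
            }
            catch (ArgumentException)
            {
                return null;  // Image.FromStream could not decode the data
            }
        }
    }
}
```

As the answer notes, this only helps if the decoder itself handles the input safely, so the directory passed as `storageDir` should also be one the web server never executes content from.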

/ MIME , urlmon.dll. .

+1

This answer (Confirm image from file in C#) seems to have some thoughts on actually verifying images programmatically.

+1

Source: https://habr.com/ru/post/1790505/

