From the course: ASP.NET MVC 5 Identity: Authentication and Authorization


Vulnerability: Dangerous uploaded file type


- [Instructor] Allowing users to upload files can be a great feature that enriches the content and user experience of a web application. However, it creates space for attacks. Let us say that our university application allows our students to upload their profile images to the server so they can have a complete profile. Uploaded images are saved in the public folder Profiles. Now, if a user uploads an ASPX file with dangerous ASP.NET code instead of an image file, the server could be easily attacked. A way to prevent users from uploading dangerous content would be to create a blacklist of all the file extensions that we do not want them to upload. But of course there are too many file extensions, and we might forget one of them. So an easier approach would be to use a whitelist of allowed file extensions and reject all the files that do not match those extensions.
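
An added example, not part of the course material: one way to apply the allowlist described above in an MVC 5 controller. The controller and action names, the list of image extensions, and the views are assumptions; the Profiles folder is the one named in the transcript.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;
using System.Web.Mvc;

// Hypothetical controller name; the course's own code is not shown on this page.
public class ProfileController : Controller
{
    // Allowlist (assumed set): only these extensions are accepted, anything else is rejected.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".jpg", ".jpeg", ".png", ".gif" };

    // Returns the lower-cased extension when it is on the allowlist, otherwise null.
    internal static string GetAllowedExtension(string clientFileName)
    {
        if (string.IsNullOrWhiteSpace(clientFileName)) return null;
        try
        {
            // Drop any directory part the client sent, then trailing dots and spaces,
            // which Windows removes when the file is created ("x.aspx." becomes "x.aspx").
            string name = Path.GetFileName(clientFileName).TrimEnd('.', ' ');
            // GetExtension returns the last extension, so "photo.jpg.aspx" yields ".aspx".
            string ext = Path.GetExtension(name);
            return AllowedExtensions.Contains(ext) ? ext.ToLowerInvariant() : null;
        }
        catch (ArgumentException) { return null; } // illegal path characters in the name
    }

    [HttpPost]
    public ActionResult UploadProfileImage(HttpPostedFileBase image)
    {
        string ext = (image == null || image.ContentLength == 0)
            ? null
            : GetAllowedExtension(image.FileName);
        if (ext == null)
        {
            ModelState.AddModelError("image", "Only JPG, PNG or GIF images are accepted.");
            return View(); // assumes a matching upload view exists
        }
        // Save under a server-generated name so the client never controls the stored
        // file name; only the validated extension is carried over.
        string savedName = Guid.NewGuid().ToString("N") + ext;
        image.SaveAs(Path.Combine(Server.MapPath("~/Profiles"), savedName));
        return RedirectToAction("Index"); // assumed landing action
    }
}
```

The check compares the final extension case-insensitively, so `photo.PNG` passes while `photo.jpg.aspx` and `photo.aspx` are rejected.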
