suggestions please "what should i watch for/guard against' in a file upload situation?"

geekbuntu gmilby at gmail.com
Wed Oct 6 18:02:21 CEST 2010


in general, what are things i would want to 'watch for/guard against'
in a file upload situation?

i have my file upload working (in the self-made framework @ work
without any concession for multipart form uploads), but was told to
make sure it's cleansed and cannot do any harm inside the system.

my checklist so far is basically to check the extension - ensure it
has 3 places, ensure it's in the allowed list (like jpg gif etc...).

not sure what else i could do to guard against anything bad
happening.  maybe the file name itself could cause greif?

not sure but any suggestions or examples are most welcome :)



More information about the Python-list mailing list