Really, thanks for the reply, but the jhove site is way over my head. Maybe someone will have a simpler answer. Terry
-----Original Message----- From: denstar [mailto:valliants...@gmail.com] Sent: Friday, November 05, 2010 9:59 PM To: cf-talk Subject: Re: Getting rid of maliceous code embedded in a jpg On Fri, Nov 5, 2010 at 8:27 PM, Terry Troxel wrote: > > I am trying to allow perspective clients to try my templates > image tools in order to see if it will help sway them. > I do not have any image samples with malicious code nor do I want any. > My question is if I use the coldfusion image tags or my trusty cf_imagecr > after the upload will it remove any of this or how about I save it as a png? > I do not want to open up any possible security issues. There was an awesome thread on the Railo list, titled "CFFile and MIME types", that covered this issue a bit. I think in the end, a virus scanner was the best bet? Maybe trying to convert the image to a different type would do the trick too, I can't remember if that was covered. There was a link for something that looked interesting: http://hul.harvard.edu/jhove/ But I don't know if it would work. I never got around to writing a wrapper for it to test with. =) I bet conversion would be enough, though you'd probably run into the odd legitimate file that didn't convert, for whatever reason. Better that than the alternative though, I say. There are potential false-positives with virus scanners too, although I'd wager less. :Den -- Any father whose son raises his hand against him is guilty of having produced a son who raised his hand against him. Charles Peguy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:338900 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm