On Fri, Sep 24, 2010 at 12:23 PM, Federico Capoano
<nemesis.des...@libero.it> wrote:
> I can't trust the user because this field will be used in the
> frontend, which will be an app similar to the django admin, but much
> more limited.
>
> So according to what you said, there is no standard way to do this.
> The second solution seems interesting.
>
> But what if I wanted to restrict to images?
>
> What's the best way to avoid security issues? Maybe storing the file
> somewhere hidden would be safer?
>

Depends what you mean by 'standard'. I would consider it standard to
validate user-supplied input, and that process is the same regardless
of filetype; the only thing that changes is how you validate the
input.

For images, you can simply use an ImageField, which uses PIL to
validate that the uploaded file is an image file supported by PIL.

I don't understand what security issues you are referring to.

Cheers

Tom
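
An added example, not part of the original message and not Django's or PIL's code: a standard-library sketch of validating an upload by its content rather than its name, for PNG only. The function names, the size and pixel limits, and the sample file are assumptions made for illustration; the check is structural and does not decode pixel data.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
MAX_BYTES = 2 * 1024 * 1024   # assumed upload size limit
MAX_PIXELS = 4096 * 4096      # assumed cap against decompression bombs

def validate_png(data: bytes) -> tuple:
    """Return (width, height) for a structurally sound PNG, else raise ValueError."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG: the content decides, not the file name")
    pos, seen, size = len(PNG_MAGIC), [], None
    while pos < len(data) and (not seen or seen[-1] != b"IEND"):
        if pos + 12 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk body")
        body = data[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            raise ValueError("bad chunk CRC")
        if not seen:  # the first chunk must be a 13-byte IHDR
            if ctype != b"IHDR" or length != 13:
                raise ValueError("first chunk is not IHDR")
            width, height = struct.unpack(">II", body[:8])
            if width == 0 or height == 0 or width * height > MAX_PIXELS:
                raise ValueError("unacceptable dimensions")
            size = (width, height)
        seen.append(ctype)
        pos = end
    if not seen or seen[-1] != b"IEND" or b"IDAT" not in seen:
        raise ValueError("missing IDAT or IEND")
    if pos != len(data):
        raise ValueError("trailing data after IEND")
    return size

def make_chunk(ctype: bytes, body: bytes) -> bytes:
    # Helper used only to build the constructed sample below.
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed sample input: a 1x1 8-bit grayscale PNG assembled inline.
SAMPLE_PNG = (PNG_MAGIC
              + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + make_chunk(b"IEND", b""))
```
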
