If your server is a Unix platform, one thing you could do is run the shell command "file" against the uploaded file, and take a look at the result. This tool ignores any extension on the filename, and examines the content of the file itself against signature patterns it knows about.
Craig On Sun, 24 Oct 2004 22:30:43 -0400, Bill Siggelkow <[EMAIL PROTECTED]> wrote: > I know of no way to deterministically discover what type of file the > user sent. There is nothing to prevent a user from taking a .exe file > and changing the extension to .txt or anything else ... others may have > a better idea ... > > > > struts lover wrote: > > > Thanks Bill. > > I had another question. What if the user has some .exe > > file with .doc extension. I mean somefile.exe.doc. > > How do I check the valid file type with the extension. > > > > Thanks once again. > > > > --- Bill Siggelkow <[EMAIL PROTECTED]> wrote: > > > > > >>U can set the accepted mime types on the input tag; > >>however, the browser > >>may not do anything with this information; so in > >>your ActionForm, I > >>suggest you validate the type by checking the > >>extension of the received > >>file name. > >> > >>struts lover wrote: > >> > >> > >>>Hi Everyone, > >>>I wanted to know what is the best practice for > >> > >>file > >> > >>>type validation. I want the user to allow to > >> > >>upload > >> > >>>only certain type of files and disallow all other > >>>types. > >>>I am using Struts FormFile. > >>> > >>>Any help would be appreciated. > >>>Thanks. > >>> > >>> > >>> > >>>_______________________________ > >>>Do you Yahoo!? > >>>Declare Yourself - Register online to vote today! > >>>http://vote.yahoo.com > >> > >> > >> > > --------------------------------------------------------------------- > > > >>To unsubscribe, e-mail: > >>[EMAIL PROTECTED] > >>For additional commands, e-mail: > >>[EMAIL PROTECTED] > >> > >> > > > > > > > > > > > > _______________________________ > > Do you Yahoo!? > > Declare Yourself - Register online to vote today! > > http://vote.yahoo.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
