If your server is a Unix platform, one thing you could do is run the shell command "file" against the uploaded file, and take a look at the result. This tool ignores any extension on the filename, and examines the content of the file itself against signature patterns it knows about.
For image, Marco Schmidt has some great 100% Java utilities that can verify the uploaded image type and other information.
http://www.geocities.com/marcoschmidt.geo/java-file-format-identification.html http://www.geocities.com/marcoschmidt.geo/image-info.html
Joe
--
Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com "In fact, when I die, if I don't hear 'A Love Supreme,' I'll turn back; I'll know I'm in the wrong place."
- Carlos Santana
