http://www.perlmonks.org?node_id=798241


in reply to security: making sure graphics uploaded by users are safe

A good trick might be to randomly change the size, the format or the resolution of the image a few times (of course ending up with the original size and resolution or with a standard size, format and resolution). This is likely to seriously scramble the contents of the file and break any embedded code.

Especially if you use a "lossy" format such as jpeg the chances of anything hidden in the file to survive will be low.

Unfortunately it will also reduce the quality of the image, but nowadays, most images have too high a resolution for webpages anyhow and reducing this to a mofre reasonable resolution will also serve the purpose of "destroying" any unwanted payload in the file.

CountZero

A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

  • Comment on Re: security: making sure graphics uploaded by users are safe

In Section Seekers of Perl Wisdom