Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: security: making sure graphics uploaded by users are safe

by dolmen (Sexton)
on Oct 01, 2009 at 14:38 UTC ( #798664=note: print w/ replies, xml ) Need Help??


in reply to security: making sure graphics uploaded by users are safe

  • 3.5. Check the file with an up to date antivirus
  • 3.6. Use Image::ExifTool. Any warning makes the image suspicious and you must reject it


Comment on Re: security: making sure graphics uploaded by users are safe
Replies are listed 'Best First'.
Re^2: security: making sure graphics uploaded by users are safe
by boardhead (Novice) on Oct 01, 2009 at 16:29 UTC

    ExifTool is not designed to detect security problems in images, so I don't think that exiftool warnings are very indicative of a problem like this. Instead of rejecting any image with a warning, I would recommend removing all metadata from the image with "exiftool -all=". This should also remove any warnings associated with the metadata. If warnings or errors persist after cleaning an image like this, then it would be reasonable to reject the image.

    - Phil Harvey

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://798664]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (15)
As of 2015-07-31 20:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (282 votes), past polls