Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: security: making sure graphics uploaded by users are safe

by dolmen (Beadle)
on Oct 01, 2009 at 14:38 UTC ( [id://798664]=note: print w/replies, xml ) Need Help??


in reply to security: making sure graphics uploaded by users are safe

  • 3.5. Check the file with an up to date antivirus
  • 3.6. Use Image::ExifTool. Any warning makes the image suspicious and you must reject it
  • Comment on Re: security: making sure graphics uploaded by users are safe

Replies are listed 'Best First'.
Re^2: security: making sure graphics uploaded by users are safe
by boardhead (Novice) on Oct 01, 2009 at 16:29 UTC

    ExifTool is not designed to detect security problems in images, so I don't think that exiftool warnings are very indicative of a problem like this. Instead of rejecting any image with a warning, I would recommend removing all metadata from the image with "exiftool -all=". This should also remove any warnings associated with the metadata. If warnings or errors persist after cleaning an image like this, then it would be reasonable to reject the image.

    - Phil Harvey
[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://798664]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others perusing the Monastery: (4)
As of 2025-06-20 10:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found
    Notices?
    erzuuliAnonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.