
I came across this answer: https://stackoverflow.com/a/70602109/6880256 and there is a line saying:

TLDR on that is you must assert because the file extension can’t be used to determine the file type for security reasons.

What is the security reason it is talking about?

2 Answers


  1. Well, it just means you can't tell from a file extension like .jpg that it's not an executable or any other file.

  2. The security reason behind this is that you cannot assume the content of a file because of its file ending.
    This basic HTML file:

    <html lang="en">
      <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Website Title</title>
      </head>
      <body>
      </body>
    </html>
    

    can be saved as .ts, .js, .html, .fxml, .mp4, whatever you can think of, basically.
    If you have a service and you only want to store .mp4 files on this service, imagine for example YouTube, then you can only assure that this file is in fact a .mp4 file if you read its content and not only because its file ending is .mp4.

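The upload check described in the second answer, as an added example that is not part of either answer: it identifies a file from its leading bytes and compares that with the extension in its name. The function names, file names and sample bytes are constructed for illustration.

```javascript
// Added example: identify a file from its leading bytes, not its name.
// Signatures: JPEG starts FF D8 FF; PNG starts 89 50 4E 47 0D 0A 1A 0A;
// an ISO base media file (MP4) has the ASCII box type "ftyp" at offset 4.
const SIGNATURES = [
  { type: "jpg", offset: 0, bytes: [0xff, 0xd8, 0xff] },
  { type: "png", offset: 0, bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: "mp4", offset: 4, bytes: [0x66, 0x74, 0x79, 0x70] }, // "ftyp"
];

// Returns the detected type, or null when no known signature matches.
function sniffType(data) {
  for (const sig of SIGNATURES) {
    if (data.length < sig.offset + sig.bytes.length) continue;
    if (sig.bytes.every((b, i) => data[sig.offset + i] === b)) return sig.type;
  }
  return null;
}

// Lower-cased text after the last dot, or "" when there is none.
function extensionOf(name) {
  const dot = name.lastIndexOf(".");
  return dot === -1 ? "" : name.slice(dot + 1).toLowerCase();
}

// Accept an upload only if the content is an allowed type AND matches the name.
function checkUpload(name, data, allowed) {
  const claimed = extensionOf(name);
  const detected = sniffType(data);
  const ok = detected !== null && allowed.includes(detected) && detected === claimed;
  return { claimed, detected, ok };
}

// Constructed sample inputs.
const htmlBytes = new TextEncoder().encode('<html lang="en"><head></head><body></body></html>');
const mp4Header = new Uint8Array([
  0x00, 0x00, 0x00, 0x18, 0x66, 0x74, 0x79, 0x70, // box size 24, "ftyp"
  0x69, 0x73, 0x6f, 0x6d, 0x00, 0x00, 0x00, 0x00, // major brand "isom", minor version
  0x69, 0x73, 0x6f, 0x6d, 0x6d, 0x70, 0x34, 0x32, // compatible brands "isom", "mp42"
]);

console.log(checkUpload("video.mp4", htmlBytes, ["mp4"])); // HTML renamed to .mp4
console.log(checkUpload("video.mp4", mp4Header, ["mp4"]));
```

A matching signature only shows that the file starts like that format; a service that needs certainty still has to parse the whole file with a real decoder.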