security - node.js - secure image file upload -


we had implement image uploader node.js project. framework using express.js did described here: http://howtonode.org/really-simple-file-uploads

but not sure how secure image uploader. did far is:

  • checking file size
  • checking extension , header
  • rename file
  • file accessible on special route , not in root folder

is enough? don't feel comfortable following line:

    // checking filesize, extension, headers     fs.readfile(req.files.displayimage.path, function (err, data) {         ...         ...         ...         // renaming file         // save file         ...         ...         ...     }

is save read image way? afraid, there malicious code in req.files.displayimage.path. need add more checks or our checks sufficient? attack vectors offer attacker if use code described?

thank advices tschoartschi


Comments

Post a Comment

Popular posts from this blog

How to mention the localhost in android -

i trying call localhost in android application. unfortunately not possible used several methods emulator local host http://10.0.2.2/android/dbconnection.php and network ip address http://192.168.1.xx/android/dbconnection.php also http://localhost:8080/android/dbconnection.php but nothing connected localhost. purpose refer stackoverflow answers not working i facing same problem when worked on localhost. referred stackoverflow answer got solution create new emulator works fine in new emulator.
Read more

php - Calling a template part from a post -

i include iframe within post in wordpress. located inside content of post, meaning cannot in post template file, otherwise either before or after. i'd add facebook plugin within posts: <div id="socialwrap"><div class="fb-like" data-href="http://onlinearizonahomes.info" data-send="true" data-width="450" data-show-faces="true" data-font="arial"></div></div> i thinking of calling template part within post <?php get_template_part( 'social' ); ?> cannot use php within post without plugin (i'd avoid using plugin this). an alternative using javascript create html in post, seems unnecessary use of javascript. what best way add html within wordpress post? you can use shortcode. add functions.php function cudjex_fbshare( $atts, $content = null ) { global $post; $link = get_permalink($post->id); return '<div id="socialwrap...
Read more

java - How should I set a HttpURLConnection to be the same as a HttpServletRequest? -

i have server, , want forward requests other server (maybe modifications). i use httpurlconnection connect second server (from first server). can lot of information httpservletrequest, example: getattributenames -> getattribute getheadernames -> getheader getparameternames -> getparameter getquerystring getreader (for body) but httpurlconnection can setrequestproperty(key, value). don't know whats different between attributes, headers, paramteres. how should set httpurlconnection same httpservletrequest? what information need "copy" or "clone" request? should attributes, headers, parameters , querystrings request , set of them setrequestproperty(key, value)?
Read more