wierd question from a user

Nerigal

Verified User
Joined
Jul 6, 2009
Messages
124
i got one of my user asking me to use the function FileInfo to validate the MIME type of the current file based on certain bites in the file itself instead of just the file extension...

this is weird to me because...whats the point of using MIME type if you can fake example a .jpg file that contain executable content and execute it...

so do im wrong or this kind of validation is totally useless ?
 
You can override any mime types in htaccess

You should never trust just an extension.
 
i agree you can override mime declaration but you cant bypass it right ?
 
Back
Top