The user does not even need to use a browser to upload to your server; they could use curl or write a script in order to upload files. Checking the file type by extension may not suffice then, so be sure to check the content for type signatures (e.g. using the file utility on most Unix systems or a library).
Yes, this will be covered as well :)
I think using a nonce would also help in this scenario.
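
The content check suggested in the first comment, as an added example that is not part of the original thread: the server compares the type implied by the file extension with the type signature found in the file's leading bytes. The allowlist, the function names and the sample bytes are assumptions constructed for illustration.

```python
import os

# Allowlist (assumed for this example): extension -> (MIME type, signature test).
SIGNATURES = {
    ".png":  ("image/png",  lambda h: h.startswith(b"\x89PNG\r\n\x1a\n")),
    ".jpg":  ("image/jpeg", lambda h: h.startswith(b"\xff\xd8\xff")),
    ".jpeg": ("image/jpeg", lambda h: h.startswith(b"\xff\xd8\xff")),
    ".gif":  ("image/gif",  lambda h: h[:6] in (b"GIF87a", b"GIF89a")),
    ".webp": ("image/webp", lambda h: h[:4] == b"RIFF" and h[8:12] == b"WEBP"),
    ".pdf":  ("application/pdf", lambda h: h.startswith(b"%PDF-")),
}

def sniff(head):
    """Return the MIME type whose signature matches the leading bytes, else None."""
    for mime, matches in SIGNATURES.values():
        if matches(head):
            return mime
    return None

def check_upload(filename, data):
    """Return (accepted, detail) for a client-supplied name and the raw bytes."""
    # The name comes from the client (browser, curl or a script): never trust it.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in SIGNATURES:
        return False, "extension not allowed"
    claimed = SIGNATURES[ext][0]
    detected = sniff(data[:16])
    if detected is None:
        return False, "unrecognised content"
    if detected != claimed:
        return False, f"extension says {claimed}, content is {detected}"
    return True, detected

if __name__ == "__main__":
    # Constructed sample uploads: (filename, first bytes of the body).
    samples = [
        ("cat.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("cat.png", b"#!/bin/sh\necho hi\n"),       # script renamed to .png
        ("report.pdf", b"GIF89a" + b"\x00" * 10),   # extension and content disagree
        ("photo.JPG", b"\xff\xd8\xff\xe0" + b"\x00" * 12),
    ]
    for name, body in samples:
        print(name, check_upload(name, body))
```

A matching signature only shows that the leading bytes look right; it filters out mislabelled files but does not prove the rest of the file is well-formed.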