April 2016
338 pages
Sitecore's media upload facility does not validate the extension or MIME type of the file being uploaded. This would enable an adversary to upload a malicious file to the web server and attempt to execute it. To restrict this, Sitecore provides the Upload Filter tool, which allows us to restrict certain extensions. You can download it from https://goo.gl/DxnwBk. However, is restricting extensions alone enough? An adversary can rename an EXE file to JPG and upload it; the file is still malicious. This recipe explains how we can restrict a file from being uploaded by checking its extension, MIME type, and magic number.
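The three checks named above, sketched as a standalone C# class; this is an added example, not the book's recipe code or a Sitecore API. The names `UploadCheck`, `Rule`, `Reject` and `Allowed`, the allow-list entries and the sample byte arrays are assumptions, and wiring the check into Sitecore's upload handling is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

// Added illustration; UploadCheck and its members are hypothetical names, not Sitecore APIs.
public static class UploadCheck
{
    // Constructed allow-list: extension -> (expected MIME type, accepted magic-number prefixes).
    private static readonly Dictionary<string, KeyValuePair<string, byte[][]>> Allowed =
        new Dictionary<string, KeyValuePair<string, byte[][]>>(StringComparer.OrdinalIgnoreCase)
    {
        { ".jpg", Rule("image/jpeg", new byte[] { 0xFF, 0xD8, 0xFF }) },
        { ".png", Rule("image/png", new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A }) },
        { ".gif", Rule("image/gif", Encoding.ASCII.GetBytes("GIF87a"), Encoding.ASCII.GetBytes("GIF89a")) },
        { ".pdf", Rule("application/pdf", Encoding.ASCII.GetBytes("%PDF-")) },
    };

    private static KeyValuePair<string, byte[][]> Rule(string mime, params byte[][] magics)
        => new KeyValuePair<string, byte[][]>(mime, magics);

    // Returns null when the upload passes all three checks, otherwise the reason for rejection.
    public static string Reject(string fileName, string declaredMime, Stream content)
    {
        KeyValuePair<string, byte[][]> rule;
        if (!Allowed.TryGetValue(Path.GetExtension(fileName) ?? "", out rule))
            return "extension not allowed";
        if (!string.Equals(declaredMime, rule.Key, StringComparison.OrdinalIgnoreCase))
            return "MIME type does not match extension";

        // Read only the header; the longest signature in the allow-list is 8 bytes.
        var header = new byte[8];
        int read = 0, n;
        while (read < header.Length && (n = content.Read(header, read, header.Length - read)) > 0)
            read += n;
        // The file's leading bytes must match one of the signatures for its extension.
        bool magicOk = rule.Value.Any(m => read >= m.Length && header.Take(m.Length).SequenceEqual(m));
        return magicOk ? null : "magic number does not match extension";
    }

    public static void Main()
    {
        // Constructed samples: a PE header ("MZ") renamed to photo.jpg, and a JPEG header.
        var renamedExe = new MemoryStream(new byte[] { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00 });
        var realJpeg = new MemoryStream(new byte[] { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10 });
        Console.WriteLine(Reject("photo.jpg", "image/jpeg", renamedExe) ?? "accepted");
        Console.WriteLine(Reject("photo.jpg", "image/jpeg", realJpeg) ?? "accepted");
    }
}
```

The file name and declared MIME type are both supplied by the client, so the magic-number comparison is the only one of the three checks that reads the uploaded bytes themselves.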
Let's see ...