<p>As you said, you should just validate image type by its file extension. Since the request header can be faked, it's not reliable.</p>
<p>For maximum upload size, you need to update your web.config or machine.config depending on your needs - app level or machine level.</p>
<p>For IIS6:</p>
<pre><code>&lt;location path="upload"&gt;
  &lt;system.web&gt;
    &lt;!-- maxRequestLength is given in kilobytes --&gt;
    &lt;httpRuntime maxRequestLength="xxx" /&gt;
  &lt;/system.web&gt;
&lt;/location&gt;
</code></pre>
<p>For IIS7: <a href="http://support.microsoft.com/kb/942074/" rel="nofollow noreferrer">http://support.microsoft.com/kb/942074/</a></p>
<p>As for validating dimensions, you have to read in the image and check its <code>width</code> and <code>height</code> properties, and this is the <a href="http://msdn.microsoft.com/en-us/library/z7ha67kw" rel="nofollow noreferrer">bitmap class</a> constructor to do that in memory. If you want to save the image to file first, then use <a href="http://msdn.microsoft.com/en-us/library/0cbhe98f" rel="nofollow noreferrer">this one</a>.</p>
<p>Fine print: increasing this value may make you become a Denial of Service (DOS) attack victim as described <a href="http://nullablecode.com/2011/02/maxrequestlength-packet-sizes-size-isnt-everything/" rel="nofollow noreferrer">here</a>.</p>
<p>Security measures:</p>
<ul>
<li>One workaround I can think of at this moment is to set up another server/machine to handle file upload so your main web server is not taking the hit.</li>
<li>Use <code>&lt;location path="my-upload-path"&gt;</code> to apply this setting to a single location.</li>
<li>Consider using <a href="https://stackoverflow.com/questions/10348554/large-file-upload-using-httphandler-or-httpmodule">HttpHandler or HttpModule</a> to handle upload.</li>
</ul>
<p>I'll update my answer once I have a better solution than that.</p>
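<p>Added example, not part of the original answer: a C# helper that applies the checks discussed above in one place (file extension, upload size, and in-memory dimensions via the <code>Bitmap</code> stream constructor). The class name, the size and dimension limits and the allowed extensions are assumptions, and it assumes System.Drawing on Windows.</p>

```csharp
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;

public static class UploadImageCheck
{
    // Assumed limits for illustration; keep MaxBytes at or below maxRequestLength.
    const long MaxBytes = 2 * 1024 * 1024;
    const int MaxWidth = 1920, MaxHeight = 1080;
    static readonly HashSet<string> Allowed = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { ".jpg", ".jpeg", ".png", ".gif" };

    // Returns null when the upload passes, otherwise the rejection reason.
    // In ASP.NET, pass HttpPostedFile.FileName and HttpPostedFile.InputStream.
    public static string Validate(string fileName, Stream content)
    {
        int dot = (fileName ?? "").LastIndexOf('.');
        string ext = dot >= 0 ? fileName.Substring(dot) : "";
        if (!Allowed.Contains(ext)) return "extension not allowed";

        if (content == null || !content.CanSeek) return "unreadable upload";
        if (content.Length == 0 || content.Length > MaxBytes) return "size out of range";

        try
        {
            // Bitmap(Stream) decodes in memory and throws ArgumentException
            // when the bytes are not an image, whatever the extension claims.
            using (var bmp = new Bitmap(content))
                if (bmp.Width > MaxWidth || bmp.Height > MaxHeight)
                    return "dimensions too large";
        }
        catch (ArgumentException) { return "not a decodable image"; }
        return null;
    }

    public static void Main()
    {
        // Constructed samples: a real 64x48 PNG, then junk bytes named .jpg.
        using (var ms = new MemoryStream())
        {
            using (var bmp = new Bitmap(64, 48)) bmp.Save(ms, ImageFormat.Png);
            ms.Position = 0;
            Console.WriteLine(Validate("photo.png", ms) ?? "ok");
        }
        using (var junk = new MemoryStream(new byte[] { 1, 2, 3, 4 }))
            Console.WriteLine(Validate("fake.jpg", junk) ?? "ok");
    }
}
```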
 
