I have an ASP.NET MVC 2 application and I am using Uploadify. I am uploading the files straight into a SQL Server DB. What are the necessary checks I need to do, and how? I would like to perform an anti-virus scan? What are the possible security loopholes here?
You could try feeding the uploaded stream into an XmlReader and parsing through it. In the event of an exception, chances are that there is something wrong with this XML file:
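    using (var reader = XmlReader.Create(uploadedFile.InputStream))
    {
        try
        {
            // Read every node; malformed XML throws before the loop finishes.
            while (reader.Read())
            { }
            // At this stage you may save the XML file into the database.
            // The stream has been read to the end, so rewind it before saving.
        }
        catch (Exception)
        {
            // probably not a valid XML file
        }
    }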
If the uploaded XML files need to obey a certain structure you could validate them against an XSD schema by specifying this to the XmlReader.