请建议如何检查文件上传所有字节 [英] Please suggest how to check file upload all bytes

问题描述

请建议如何检查文件上传所有字节正确恶意不插入并添加内容任何内容以字节为单位



喜欢alert（hi ）



我尝试了什么：



i尝试过但没有找到审计图像上传的任何代码

Please Suggest how to check file upload all bytes correct malicious not inter-put and add content any content in bytes

like alert("hi")

What I have tried:

i tried but not found any code for audit image upload

推荐答案

除非你上传的字节流已在源头检查，并且添加或提供了额外信息，没有办法告诉 - 一系列字节没有你可以检查的内在正确性或有效性。



一种方法是你生成传输之前原始字节数据的SHA哈希值，然后在接收端再次计算。比较两个哈希值，如果不匹配，则数据不一样。

或者，您可以将其下载回原始发件人，并将其与他们发送的实际数据进行比较。 br />


这两种方法都需要在原始设备上运行某些特定软件，而不是内置到任何浏览器。

Unless the byte stream that you are uploading has been checks at the source, and extra information either added or supplied, then there is no way to tell - a sequence of bytes has no intrinsic "correctness" or "validity" that you can check.

One way to do it is you generate the SHA hash of the original byte data before it is transferred, and then calculate it again at the receiving end. Compare the two hashes and if the do not match, the data is not the same.
Alternatively, you could download it back to the originator, and it could be compared to the actual data they sent.

Both approaches require some specific software to be run at the originator that is not "built in" to any browser.

这篇关于请建议如何检查文件上传所有字节的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！