I am busy coding an AJAX file uploader that only accepts valid jpeg images. Obviously I check that the file extension is jpeg or jpg. I realize though that it is possible to disguise an executable or other file type as a jpeg image by simply changing the file extension. Now my question is whether or not a file like an executable is a security risk if its extension has been changed to jpg? The reason I ask is that such a file will pass my validation and will be uploaded as an image. But what happens when my website tries to work with the image which is actually an executable?
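An added example, not part of the original post: a server-side check that inspects the uploaded bytes instead of the file name, by walking the JPEG segment structure until it finds a frame header. Python is an assumption (the post does not name a server language), and `jpeg_dimensions` and the sample byte strings are hypothetical, constructed for illustration.

```python
import struct

# Start-of-frame markers: 0xC0-0xCF except DHT (0xC4), JPG (0xC8), DAC (0xCC).
SOF_MARKERS = {0xC0, 0xC1, 0xC2, 0xC3, 0xC5, 0xC6, 0xC7,
               0xC9, 0xCA, 0xCB, 0xCD, 0xCE, 0xCF}

def jpeg_dimensions(data: bytes):
    """Return (width, height) if data has a JPEG header structure, else None."""
    if data[:2] != b"\xff\xd8":              # must begin with the SOI marker
        return None
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:                # every segment starts with 0xFF
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                   # fill byte before a marker
            pos += 1
            continue
        # Markers that cannot legally appear before the frame header.
        if marker in (0x00, 0x01, 0xD8, 0xD9, 0xDA) or 0xD0 <= marker <= 0xD7:
            return None
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            return None                      # segment runs past end of file
        if marker in SOF_MARKERS:
            if length < 8:
                return None
            # Layout: FF Cx | length(2) | precision(1) | height(2) | width(2)
            height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
            # Zero dimensions are rejected (strict choice for an upload filter).
            return (width, height) if width and height else None
        pos += 2 + length                    # skip APPn, DQT, DHT, COM, ...
    return None

# Constructed samples: a minimal JPEG header (SOI + JFIF APP0 + SOF0 640x480),
# and two non-images that would pass a check on a ".jpg" extension alone.
SAMPLE_JPEG = (b"\xff\xd8"
               b"\xff\xe0" + struct.pack(">H", 16)
               + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               + b"\xff\xc0" + struct.pack(">HBHHB", 11, 8, 480, 640, 1)
               + b"\x01\x11\x00")
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_SCRIPT = b"\xff\xd8<?php echo 1; ?>"

if __name__ == "__main__":
    for name, blob in [("jpeg", SAMPLE_JPEG), ("exe", SAMPLE_EXE),
                       ("script", SAMPLE_SCRIPT)]:
        print(name, jpeg_dimensions(blob))
```

This only proves the header parses as a JPEG; a file can be a structurally valid JPEG and still carry other data after the header. Re-encoding the upload with an image library and storing it under a server-generated name removes that remaining content.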