So let us continue asking questions while we are on it. The short answer is: by exploiting trust relationships. Software design is akin to mathematical modeling in some aspects.
To handle the upload safely, you need to save it to a randomly-named temp file, and then validate and possibly transcode it to a standardized set of options.
On the HTML page that’s doing the upload you’re going to have something like:
Note that you can't trust that anything the user provided isn’t malicious.
Just because the user provides a file named “xyz.jpg” doesn’t mean it’s a valid jpg, or they could upload something named “abc” which is a valid jpg.
The high-level scripting language Perl and the GNU/Linux platform will be used to illustrate key implementation ideas, but most of the discussion will be applicable to any other development environment.
Before we attempt to answer the above-posed question, two other preliminary questions must be considered: "What constitutes input to a program?" We need a good understanding of these terms, for much depends upon the answers. A very important, well-known, yet too often lightly dismissed problem in software security is that of trust management. There are many parties involved in the building and deployment of a software product (even if there's only one developer), and the entities that interact with the resulting system are even more numerous, often with diverse interests. A thorough examination of trust management issues in software security could easily constitute a multivolume work by itself, and there is a lot of related research underway. For a good general introduction to the subject, consult  and Chapter 13 of . In both cases we seek to develop an approximation of some ideal system, which is close enough to the real world as to be useful, yet simplified enough as to be manageable.