file control with mime-type

http://serverfault.com – I have a security question regarding MIME types. I have a website on which users can upload videos. Prior to encoding with ffmpeg, I make a MIME-type check to be sure the video file is really a video file and not a weird file or even an exec with a video file extension. Nevertheless, sometimes MIME types aren't recognized, especially with mkv containers. Is it risky if I drop the MIME-type checking, submitting the files directly to ffmpeg? Would it potentially open a breach? Or would ffmpeg simply return an error with any file that isn't a video? (HowTos)