by blueimp
2798 days ago
Although I agree with you in a general sense, in this case there was no blacklist mistakenly used. If the server is configured to serve uploaded files securely, it is feasible to allow all file types for upload (e.g. think of Amazon S3 or Google Cloud Storage). However, since there is no way to ensure that the server security settings to securely handle uploaded files are applied, limiting file uploads with a whitelist minimizes the attack vector sufficiently.