試題詳解

22. When designing a website that allows users to upload and download images, which of the following methods is currently considered the safest when used individually?
(A) Prohibit users from uploading files if the file name ends with common code extensions like .asp or .php.
(B) Allow users to upload files if the file’s MIME type is 'image/jpeg' or other common image MIME types.
(C) Allow users to upload files if the file content includes common image headers like jpg or png.
(D) Limit the file size to a reasonable range for typical image files.
(E) Use a trusted library to reprocess the image, remove EXIF and other metadata, and store it in a directory that does not execute code.