What is the most secure way to upload, and store images in ASP.NET?
I'm talking about protecting against code injection attacks that can happen with PHP (see: http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize/
Is asp.net vulnerable to this as well?
-Checking the file extension is a fail, easily worked around
-checking image header (same)
-attempting to compare the file (is.jpeg), but how easily is this bypassed?
-Is the safest way storing the image in the database as a binary?
If the upload folder is explicitly denied "Traverse/ Execute" permissions, even if they uploaded malicious code, would they not be able to run it?