How can I determine a file's true extension/type programmatically?

Question

I am working on a script that will process user uploads to the server, and as an added layer of security I\'d like to know:

Is there a way to detect a file\'s true e

Answer 1

Is checking the MIME type simply enough? I am assuming that changing the extension on a file doesn't change it's MIME type? Is MIME type a strong enough indicator to go by here?

It really depends on how it's used.

• If you provide uploads and downloads, then nothing matters since it doesn't execute.
• If it's handled by the web server, then it's going to be dependent on how the web server is configured, though subject to most of the rest of these comments.
• If it's an image, it will either display, or not, or be the target of image library exploits. But only those.
• Something like a pdf file may not affect your server, but rather the computer of the person accessing the file.
• If it's going to be passed to a function like "system()" then we're back to the OS behavior--as if it were "double-clicked", and the file extension might even be considered.