Is HttpPostedFile.ContentType a flawless way to validate an uploaded file?

Question

I want to validate the file type to make sure the user is uploading an image of type JPEG, GIF, or PNG. Instead of checking the file extension, I figured using HttpPostedFil

Answer 1

To reliably know the content type, you might want to look into Content Type sniffing, for instance:

http://suika.fam.cx/www/markup/html/whatpm/Whatpm/ContentType.html

This tries to determine the content type of the file by examining the first few bytes.