R – Upload file type verification with Rails and Javascript

file-upload ruby-on-rails security

I'm currently working on a project where users can upload datasets in CSV format.

Is there a good way with Ruby other than checking file extension to determine if they're really uploading a CSV and not some executable or some other file type?

Best Solution

You can't do this in JavaScript, that's for sure. If you're in a UNIX environment, you can check the documentation about this.

I don't think there is any SURE way of checking this. Usually checking the file extension is fine. Plus, you said you're getting CSVs; couldn't you try to parse them? If it fails, then either the document is not in the right format or it's not a CSV.

Anyways, make sure that you're storing your files in a directory that has no execute access rights.
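
The parse-it-and-see check suggested in the answer, as an added Ruby example that is not part of the original answer. `validate_csv_upload`, the two limits and the expected header list are hypothetical names and values chosen for illustration, and the sample inputs are constructed.

```ruby
require "csv"

MAX_BYTES = 5 * 1024 * 1024 # assumed upload size limit
MAX_ROWS  = 100_000         # assumed row limit

# Hypothetical helper: returns [true, rows] or [false, reason].
# `raw` is the uploaded file's bytes as read on the server; the client-supplied
# filename and Content-Type are deliberately not consulted.
def validate_csv_upload(raw, expected_headers: nil)
  return [false, "empty file"] if raw.nil? || raw.empty?
  return [false, "file too large"] if raw.bytesize > MAX_BYTES

  # Binary formats almost always fail one of these two text checks.
  text = raw.dup.force_encoding(Encoding::UTF_8)
  return [false, "not valid UTF-8 text"] unless text.valid_encoding?
  return [false, "contains NUL bytes"] if text.include?("\0")
  text = text.delete_prefix("\uFEFF") # drop a UTF-8 byte order mark

  begin
    rows = CSV.parse(text, skip_blanks: true)
  rescue CSV::MalformedCSVError => e
    return [false, "malformed CSV: #{e.message}"]
  end

  return [false, "no rows"] if rows.empty?
  return [false, "too many rows"] if rows.size > MAX_ROWS
  return [false, "inconsistent column count"] if rows.map(&:size).uniq.size > 1
  # Plain text such as a shell script parses as one-column CSV, so a
  # successful parse alone proves little; pin the header row when it is known.
  if expected_headers && rows.first != expected_headers
    return [false, "unexpected header row"]
  end

  [true, rows]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  script = "#!/bin/sh\necho hello\n"
  p validate_csv_upload("id,name\n1,alice\n", expected_headers: %w[id name])
  p validate_csv_upload(script)                                  # parses as CSV
  p validate_csv_upload(script, expected_headers: %w[id name])   # rejected
end
```

In a Rails controller the bytes would typically come from `params[:file].read`; the upload is still stored outside any directory from which files can be executed, as the answer advises.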