I'm curious if it's possible for an flv file to contain code like ActionScript or if it can only contain the audio/video data for the video.
I'm specifically asking related to the security of allowing an FLV file to be uploaded a site.
Edit: assume that the contents have been validated to be a real "flv" - the question is whether the format natively supports code inside of the flv.
the question is whether the format natively supports code inside of
the flv.
To that question, the answer is no. For further security discussions, see the other answers.
FLV files are for video/audio: http://en.wikipedia.org/wiki/Flash_Video. but I can rename any executable file of course and add the .FLV extension to it. so I believe you will need to read the uploaded files and check whether they are FLV indeed.
FLV is only a video format. Like akonsu said, you should check if the file is really a FLV file, not just checking it's extension.
You should check if the file's mime type is "video/x-flv".
More info about FLV: http://osflash.org/flv
Related
i have video uncompressed .avi video files. however they come with a known 2048kb header at the beginning of the file, such that no video program (Vlc player) recognises the file as video files. can i force VLC to ignore the first 2048kb? how?
what would be the easiest way to remove this header?
Unfortunately there is no known to me way of getting vlc to use a larger "probesize" or somehow just skip to byte X.
Also unfortunately there is no known to me way to add some "camouflage" or even add an empty chunk to the front of an avi container. Next approach could be to genereate a reference movie but also no automatic usage tools available at the best of my knowledge. And as there is also no way to just "set or change" the start offset of a file, we have to copy it.
My recommendation for copying parts of files is this sourceforge project: skf
https://sourceforge.net/projects/swissfileknife/?source=typ_redirect
some examples
When I use an UIImagePicker to record video and then want to save it to disk, what file format is used? In other words.. when I have the file on disk and want to transport it over to a server, what kind if MIME type should I use?
The format that is used when you take a video with UIImagePickerController is Apple's quicktime format .MOV.
The MIME-type you are looking for is video/quicktime
Hope this helps!
I am retrieving an MP3 file from the iPod Library and saving it to the application's Documents directory. I need to convert it to .wav or .caf so that I can use OpenAL or any other library to change the pitch of the audio.
Can this be done? Any assistance with code will be greatly appreciated.
Take a look at the AVAssetWriter class. Also, check out this link, its not exactly what you want, but its a start.
http://www.subfurther.com/blog/2010/12/13/from-ipod-library-to-pcm-samples-in-far-fewer-steps-than-were-previously-necessary/
Note that it might be difficult to gain access to the user's actual file as that would require reaching out of your app's sandbox - something Apple doesn't allow.
I have a system where users can upload, well, anything really - and these files are available to other users.
I need to come up with a list of file types that are genuinely needed by professionals in different industries that are safe from hacking/viruses, etc.
.doc .docx .gif .jpg .jpeg .mpg .mpeg .mp3 .odt .odp .ods .pdf .ppt .pptx .tif .tiff .txt .xls .xlsx .wav
What other file types do you know of that are both useful and safe?
Clarification
Many of the comments and responses are asking for a clearer definition of 'safe from hacking/viruses' - I ask the question with precisely that level of detail because I don't have as sophisticated an understanding of file types and their risks as many of you do, and I would like guidance on 1) any file types that may keep my site more secure, and 2) if there are no 'safe' file types then any advice on how to move forward with a system that allows for flexible uploading and sharing of files.
If indeed any malicious file can be packaged as a seemingly-safe file, how can I protect my users?
No filetype is safe if the program you use to open it with is badly (or carelessly or evil-y) written.
You can't assume that all files with a given extension is safe from 'viruses'.
I can easily rename a malicious executable to .doc and 'hack' your system.
EDIT:
There is no (simple?) way to check whether a user-uploaded file is malicious or not.
The app that you're creating is no different than any other file sharing websites out there (Rapidshare, Megaupload, etc).
There is nothing stopping anyone to upload malicious files to those websites.
Safe files does not exists. The ordinary text file is safe? For example with content:
format c:
if some program can execute a content of the file... you get the idea.
So, here are not safe files - only restrictions to RUN code (programs). (And I understand if this answer does not like.) :)
For "useful" you'll need to ask your customers.
For safe, there's no such thing because a file extension is just a part of the file name that gives a suggestion of what type of file it is. It need not accurately represent the type, and is easily manipulated.
Rather than protecting based on file type. I would get a 3rd party to virus scan each file on upload. Reject those which are identified as positive.
The list is pretty endless! A quick search finds http://filext.com/alphalist.php?extstart=^A
Well you can include all data files and exlude all executable/script files.
One list of executable file extensions is here: http://pcsupport.about.com/od/tipstricks/a/execfileext.htm
you may look other sources to inprove coverage.
Edit: for second part of the question addressing sequrity-
It would be best to have bunch of anti malware software installed on the server to check each sumbission - they are designed for this specialized task, use them. Anyways no executable file is professionaly useful as long as people are not looking for crackware.
I was wondering how do you inject metadata into an f4v file with quepoints? I've been reading somewhere that it's either during encoding or a custom actionscript that embeds when the file runs.
An F4V file is merely a renamed MP4 file. By and large, any tools, tips and technologies that work on MP4 file will do so for F4V files.
Seeking into MP4 files is non-trivial, and much more difficult than FLV files, which I assume you are thinking about. (But maybe I am wrong?)
That said, the meta data you are after is probably already in the MP4 in the MOOV atom. (MP4 files are composed of atoms. The MOOV atom is the meta data atom.) There probably is no need to inject it. But, to get quick starts and have a player be able to seek through out a file, then you need to have the MOOV 'atom' at the front of the file. There are tools to do this on existing files, and it can be done when encoding the file.
I've never heard of AS doing any of this.