I've a web page that that can be used to upload files.
Now I need to check if the file type is correct (zip, jpg, pdf,...).
I can use the mimeType that comes with the request but I don't trust the user and let's say I want to be sure that nobody is able to upload a .gif file that was renamed in .jpg
I think that in this case I should inspect the magic number.
This is a java library I've found that seems to achieve what I need 'extract the mimetype from the magic number'.
Is this a correct solution or what do you suggest?
UPDATE:
I've found the mime-util project and it seems very good and up-to-date! (maybe better then Java Mime Magic Library?)
Here is a list of utility projects that can help you to extract mime-types
byte[] data = ...
MagicMatch match = Magic.getMagicMatch(data);
String mimeType = match.getMimeType();