You are developing a web application where users can upload their profile pictures. What is the best practice to prevent a malicious user from uploading a file that could compromise your server?

Allow any file type to be uploaded since we are implementing authentication and authorization mechanisms

Store the files directly on the web server without any validation

Disable the upload feature entirely

Restrict file types to specific extensions and scan files for malware