[RCD] mime problem - excel file as text/plain

Michael Baierl mail at mbaierl.com
Thu Mar 5 12:46:41 CET 2009

Balazs Horvath wrote:
> chasd, you wrote
> "Hmmm, that made my security radar do a beep. Trusting user input isn't 
> always safe."
> "First, trusting the mime-type from the client is very dangerous. "
> But guys, the security part of this is out of the scope of RC I think...
> If the user sends something bogus by playing with the extension, who cares?
> There are so many ways to do that without RC. Okay, we should try helping
> SPAM and VIRUS filters, but this is their task IMHO.
The problem might just be that the server itself is at risk depending on 
what happens....

Best regards,


Michael Baierl

List info: http://lists.roundcube.net/dev/
