[RCD] mime problem - excel file as text/plain
mail at mbaierl.com
Thu Mar 5 12:46:41 CET 2009
Balazs Horvath wrote:
> chasd, you wrote
> "Hmmm, that made my security radar do a beep. Trusting user input isn't
> always safe."
> "First, trusting the mime-type from the client is very dangerous. "
> But guys, the security part of this is out of the scope of RC I think...
> If the user sends something bogus by playing with the extension, who cares?
> There are so many ways to do that without RC. Okay, we should try helping
> SPAM and VIRUS filters, but this is their task IMHO.
The problem might just be that the server itself is at risk depending on
List info: http://lists.roundcube.net/dev/
More information about the Dev