[RCD] mime problem - excel file as text/plain

Michael Baierl mail at mbaierl.com
Thu Mar 5 12:46:41 CET 2009


Balazs Horvath wrote:
> chasd, you wrote
> "Hmmm, that made my security radar do a beep. Trusting user input isn't 
> always safe."
> "First, trusting the mime-type from the client is very dangerous. "
> 
> 
> But guys, the security part of this is out of the scope of RC I think...
> If the user sends something bogus by playing with the extension, who cares?
> There are so many ways to do that without RC. Okay, we should try helping
> SPAM and VIRUS filters, but this is their task IMHO.
The problem might just be that the server itself is at risk depending on 
what happens....

Best regards,

Michael

-- 
Michael Baierl
<http://mbaierl.com/blog/>

_______________________________________________
List info: http://lists.roundcube.net/dev/


