[RCD] mime problem - excel file as text/plain
mail at mbaierl.com
Thu Mar 5 14:41:30 CET 2009
Then it should be fine and RC should be ok with just doing any kind of
detection, maybe even just based on the extension... If unknown files
are sent as binary it will be offered as download, so it should not be a
And even using fileinfo might be a security risk for the server, as
there have been security issues in that package as well :)
Thomas Bruederli wrote:
> On Thu, Mar 5, 2009 at 14:35, Thomas Bruederli <roundcube at gmail.com> wrote:
>> On Thu, Mar 5, 2009 at 12:46, Michael Baierl <mail at mbaierl.com> wrote:
>>>> But guys, the security part of this is out of the scope of RC I think...
>>>> If the user sends something bogus by playing with the extension, who cares?
>>>> There are so many ways to do that without RC. Okay, we should try helping
>>>> SPAM and VIRUS filters, but this is their task IMHO.
>>> The problem might just be that the server itself is at risk depending on
>>> what happens....
>> What risk do you mean? The doesn't touch these files (except fileinfo).
> Correction: "The server doesn't touch these files"
- - - - - - - - - - - - - - - - -
Warum sagen viele Pärchen "Schatzi" zueinander? Weil sie sich nicht
zwischen "Schaf" und "Ziege" entscheiden können...
List info: http://lists.roundcube.net/dev/
More information about the Dev