[RCD] mime problem - excel file as text/plain

Michael Baierl mail at mbaierl.com
Thu Mar 5 14:41:30 CET 2009


Then it should be fine and RC should be ok with just doing any kind of 
detection, maybe even just based on the extension... If unknown files 
are sent as binary it will be offered as download, so it should not be a 
big deal...

And even using fileinfo might be a security risk for the server, as 
there have been security issues in that package as well :)

Best regards,

Michael

Thomas Bruederli wrote:
> On Thu, Mar 5, 2009 at 14:35, Thomas Bruederli <roundcube at gmail.com> wrote:
>> On Thu, Mar 5, 2009 at 12:46, Michael Baierl <mail at mbaierl.com> wrote:
>>>> But guys, the security part of this is out of the scope of RC I think...
>>>> If the user sends something bogus by playing with the extension, who cares?
>>>> There are so many ways to do that without RC. Okay, we should try helping
>>>> SPAM and VIRUS filters, but this is their task IMHO.
>>> The problem might just be that the server itself is at risk depending on
>>> what happens....
>>>
>> What risk do you mean? The doesn't touch these files (except fileinfo).
> 
> Correction: "The server doesn't touch these files"
> Sorry!
> 
> ~Thomas

-- 
Michael Baierl
<http://mbaierl.com/blog/>
- - - - - - - - - - - - - - - - -
Warum sagen viele Pärchen "Schatzi" zueinander? Weil sie sich nicht 
zwischen "Schaf" und "Ziege" entscheiden können...

_______________________________________________
List info: http://lists.roundcube.net/dev/



More information about the Dev mailing list