Then it should be fine and RC should be ok with just doing any kind of detection, maybe even just based on the extension... If unknown files are sent as binary it will be offered as download, so it should not be a big deal...
And even using fileinfo might be a security risk for the server, as there have been security issues in that package as well :)
Best regards,
Michael
Thomas Bruederli wrote:
On Thu, Mar 5, 2009 at 14:35, Thomas Bruederli roundcube@gmail.com wrote:
On Thu, Mar 5, 2009 at 12:46, Michael Baierl mail@mbaierl.com wrote:
But guys, the security part of this is out of the scope of RC I think... If the user sends something bogus by playing with the extension, who cares? There are so many ways to do that without RC. Okay, we should try helping SPAM and VIRUS filters, but this is their task IMHO.
The problem might just be that the server itself is at risk depending on what happens....
What risk do you mean? The doesn't touch these files (except fileinfo).
Correction: "The server doesn't touch these files" Sorry!
~Thomas