Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)

On Fri, 26 Dec 2003 16:33:11 +0100, Christophe Fergeau <teuf gnome org> wrote:

> > A user can fix a badly-named file, but cannot fix a bug in VFS magic.
> As I already pointed out in another mail, you cannot expect a user to know 
> that mime type detection is done by looking at the name of a file, and that 
> to make a file be properly detected, he (she) needs to change the file 
> extension to "random_extension_chosen_by_the_app_author". For me, mime type 
> misdetection will be impossible to fix by the average user whatever mime 
> detection scheme you choose.

You can always do like Leandro suggested and have mime be sniffed
from the file contents as soon as it is clicked. If the mime found out
by the contents detection is different from the one implied by the extension,
the user will be warned and asked what to do...

I think that solves the problem quite well.
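
The check suggested in this reply, as an added example that is not part of the original message or of GNOME VFS: sniff the type from the leading bytes when the file is opened, compare it with the type the extension implies, and warn on a mismatch. The signature and extension tables, the function names and the separate "warn-runnable" outcome are assumptions made for illustration.

```python
import os

# Constructed tables for illustration; a real desktop would query its MIME database.
MAGIC = [
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"PK\x03\x04", "application/zip"),
    (b"\x7fELF", "application/x-executable"),
    (b"#!", "text/x-shellscript"),
]
BY_EXTENSION = {
    ".pdf": "application/pdf", ".png": "image/png", ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg", ".zip": "application/zip", ".sh": "text/x-shellscript",
    ".txt": "text/plain",
}
RUNNABLE = {"application/x-executable", "text/x-shellscript"}


def sniff(head):
    """MIME type implied by the leading bytes, or None if no signature matches."""
    for signature, mime in MAGIC:
        if head.startswith(signature):
            return mime
    return None


def check_on_open(name, head):
    """Return (action, named, sniffed) for a file the user just clicked."""
    named = BY_EXTENSION.get(os.path.splitext(name)[1].lower())
    sniffed = sniff(head)
    if named is None or sniffed is None or named == sniffed:
        return ("open", named, sniffed)           # nothing contradicts the name
    if sniffed in RUNNABLE:
        return ("warn-runnable", named, sniffed)  # document name, program content
    return ("warn", named, sniffed)               # plain mismatch: ask the user


if __name__ == "__main__":
    samples = [  # constructed (name, first bytes) pairs
        ("report.pdf", b"%PDF-1.4\n"),
        ("photo.png", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("holiday.jpg", b"\x7fELF\x02\x01\x01\x00"),
        ("notes.txt", b"#!/bin/sh\necho hi\n"),
        ("notes.txt", b"plain text, no signature\n"),
    ]
    for name, head in samples:
        print(name, check_on_open(name, head))
```

A caller would pass the first few dozen bytes read from the file; content with no known signature falls back to the name, since there is nothing to compare against.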


