Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
- From: Christophe Fergeau <teuf gnome org>
- To: Fabio Gomes <bugtraq gs2 com br>
- Cc: gnome-devel-list gnome org, nautilus-list gnome org
- Subject: Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
- Date: Fri, 26 Dec 2003 16:33:11 +0100
> A user can fix a badly-named file, but cannot fix a bug in VFS magic.
As I already pointed out in another mail, you cannot expect a user to know
that mime type detection is done by looking at the name of a file, and that
to make a file being properly detected, he (she) needs to change the file
extension to "random_extension_chosen_by_the_app_author". For me, mime type
misdetection will be impossible to fix by the average user whatever mime
detection scheme you choose.
] [Thread Prev