Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)

> A user can fix a badly-named file, but cannot fix a bug in VFS magic.

As I already pointed out in another mail, you cannot expect a user to know 
that mime type detection is done by looking at the name of a file, and that 
to make a file being properly detected, he (she) needs to change the file 
extension to "random_extension_chosen_by_the_app_author". For me, mime type 
misdetection will be impossible to fix by the average user whatever mime 
detection scheme you choose.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]