Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)

From: Christophe Fergeau <teuf gnome org>
To: Fabio Gomes <bugtraq gs2 com br>
Cc: gnome-devel-list gnome org, nautilus-list gnome org
Subject: Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
Date: Fri, 26 Dec 2003 16:33:11 +0100

> A user can fix a badly-named file, but cannot fix a bug in VFS magic.

As I already pointed out in another mail, you cannot expect a user to know 
that mime type detection is done by looking at the name of a file, and that 
to make a file being properly detected, he (she) needs to change the file 
extension to "random_extension_chosen_by_the_app_author". For me, mime type 
misdetection will be impossible to fix by the average user whatever mime 
detection scheme you choose.

Christophe

References:
- Why file content sniffing sucks
  - From: Fabio Gomes
- Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
  - From: Charles Goodwin
- Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
  - From: Fabio Gomes

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]