Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Plain text files in internet explorer

From: Helmut Springer <delta () FaVeVe Uni-Stuttgart de>
Date: Tue, 3 Sep 2002 17:18:10 +0200
On 03 Sep 2002 at 01:43 +0200, Dan Kaminsky wrote:

There's few engineers who will praise the simultaneous genius of URLs, 
HTTP, and HTML as highly as myself.  That they all spawned 
simultaneously is a feat of synergistic engineering unparalleled in 
recent memory.  But MIME-types are a failure, and a stubborn refusal to 
admit such benefits nobody.


Pardon?  MIME-types are a standard to declare the type of data,
nothing more, nothing less.  If the MIME-type of some data is
declared by an untrusted entitiy, you should not trust this
declaration.  If the data is sent by some untrusted entity you
should not trust the data.  Usually the data will present more of a
danger than the declaration, but then...

What's your problem regarding MIME-types again?

-- 
MfG/Best regards,                   "A Feature you cannot disable is
helmut springer                      considered a bug"  comp.os.unix
Previous By Date Next
Previous By Thread Next

Current thread: