Balazs Horvath wrote:
> chasd, you wrote
> "Hmmm, that made my security radar do a beep. Trusting user input isn't
> always safe."
> "First, trusting the mime-type from the client is very dangerous."
>
> But guys, the security part of this is out of the scope of RC I think...
> If the user sends something bogus by playing with the extension, who cares?
> There are so many ways to do that without RC. Okay, we should try helping
> SPAM and VIRUS filters, but this is their task IMHO.

The problem might just be that the server itself is at risk depending on what happens....

Best regards,
Michael

--
Michael Baierl <http://mbaierl.com/blog/>
_______________________________________________
List info: http://lists.roundcube.net/dev/
