On Mon, 2011-09-12 at 00:40 -0600, Vibha Yadav wrote:
> I have the following list of files to be blacklisted:

I know we discussed this already, but just to clarify for others: the blacklist only applies to "attach" parameters in mailto: URLs. You can still attach any file manually in the composer window.

I think instead of the blacklist consisting entirely of individual file names, which we'll constantly have to amend, you can eliminate most of these and be pretty darn future-proof by applying the following rules:

- No hidden files (e.g. ".foo").
- No files in hidden directories (e.g. ".secret/foo").
- No files under /etc.
- No files with ".." as a path component.

That leaves only a few individual files in the blacklist, which we can amend as needed.

When eliminating a file attachment in a mailto: URL, print a message to the terminal stating so -- "suspicious attachment $FILENAME was removed for security" -- or something thereabouts.

_______________________________________________
evolution-hackers mailing list
[email protected]
To change your list options or unsubscribe, visit ...
http://mail.gnome.org/mailman/listinfo/evolution-hackers
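
The four rules proposed in the message above, sketched as an added example that is not part of the original message and not Evolution's own code. The function names are hypothetical, and the path is assumed to be the already URI-decoded local path taken from the "attach" parameter.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Evolution's API): true when `path` breaks one of
 * the four rules. Checks path components, never raw string prefixes. */
static bool
attach_path_is_suspicious (const char *path)
{
    bool absolute;
    int depth = 0;                       /* real components seen so far */

    if (path == NULL || *path == '\0')
        return true;
    absolute = (path[0] == '/');

    while (*path != '\0') {
        size_t len = strcspn (path, "/");

        if (len == 0 || (len == 1 && path[0] == '.')) {
            /* Empty ("//") or "." component: does not change the target. */
        } else if (path[0] == '.') {
            return true;                 /* "..", hidden file or hidden dir */
        } else if (absolute && depth == 0 && len == 3 &&
                   strncmp (path, "etc", 3) == 0) {
            return true;                 /* /etc, also //etc and /./etc */
        } else {
            depth++;                     /* e.g. "/etcetera" is allowed */
        }
        path += len;
        if (*path == '/')
            path++;
    }
    return false;
}

/* Returns true if the attachment is kept; otherwise prints the notice. */
static bool
filter_attachment (const char *path)
{
    if (!attach_path_is_suspicious (path))
        return true;
    fprintf (stderr, "suspicious attachment %s was removed for security\n",
             path ? path : "(null)");
    return false;
}

int
main (void)
{
    /* Constructed sample paths. */
    const char *s[] = { "/home/u/report.pdf", "/home/u/.ssh/id_rsa", "//etc/passwd" };
    for (size_t i = 0; i < 3; i++)
        printf ("%-20s %s\n", s[i], filter_attachment (s[i]) ? "kept" : "removed");
    return 0;
}
```

This is a lexical check only: a symlink in a visible directory can still point under /etc, so the path would need to be resolved (for example with realpath()) before the check to cover that case.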
