On Mon, 18 Oct 2010 13:06:58 -0400
Kris Deugau <[email protected]> wrote:
> Well, the idea is to block malicious Subject: lines from causing
> problems by writing somewhere on the filesystem you didn't expect...
> only allowing a small subset of the available characters and
> replacing everything else with an underscore is quite reasonable IMO.

So if ten messages come in with the same subject, then... what?

Here is my rule:

Never[*] name files based on user input

Regards,

David.

[*] Well, almost never. Obviously, if you're writing a mail client, the
"Save Attachment" feature should take the supplied filename parameter
as a suggestion...
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
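
The two approaches discussed in this message, side by side, as an added example that is not part of the original post or of MIMEDefang: it counts how many constructed subjects collide once sanitized, then stores each message under a server-chosen name and keeps the Subject only as metadata. The function names, the alphanumeric-only character set and the index.jsonl sidecar file are assumptions made for the illustration.

```python
import json
import os
import re
import tempfile


def sanitized_name(subject):
    """Quoted approach: keep a small character set, underscore the rest.
    The alphanumeric-only set is an assumption for this example."""
    return re.sub(r"[^A-Za-z0-9]", "_", subject)


def store_message(spool_dir, subject, body):
    """Reply's rule: the file name never derives from user input.
    mkstemp picks a unique name and creates the file atomically (O_EXCL)."""
    fd, path = tempfile.mkstemp(prefix="msg-", suffix=".eml", dir=spool_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    # The subject is kept as data; JSON encoding neutralises newlines etc.
    index = os.path.join(spool_dir, "index.jsonl")  # hypothetical sidecar file
    with open(index, "a", encoding="utf-8") as idx:
        record = {"file": os.path.basename(path), "subject": subject}
        idx.write(json.dumps(record) + "\n")
    return path


# Constructed sample subjects: a duplicate, a near-duplicate, a traversal attempt.
SUBJECTS = ["Invoice #42", "Invoice/#42", "../../etc/passwd", "Invoice #42"]


def demo():
    # Distinct or repeated subjects that map to the same sanitized file name.
    collisions = len(SUBJECTS) - len({sanitized_name(s) for s in SUBJECTS})
    with tempfile.TemporaryDirectory() as spool:
        paths = [store_message(spool, s, b"body\n") for s in SUBJECTS]
        unique = len(set(paths))
        root = os.path.realpath(spool)
        # Every stored file sits directly inside the spool directory.
        contained = all(os.path.dirname(os.path.realpath(p)) == root for p in paths)
        with open(os.path.join(spool, "index.jsonl"), encoding="utf-8") as idx:
            recorded = [json.loads(line)["subject"] for line in idx]
    return collisions, unique, contained, recorded


if __name__ == "__main__":
    print(demo())
```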