Howard wrote: > On Mon, Jun 2, 2014 at 2:04 PM, Ken Hornstein <[email protected]> wrote: > > > > > As for santizing the filename ... that sounds like something that should > > be handled in a post-processing script. What do others think? > > Wearing my sys-admin hat, I've be far more comfortable with people > that really know what they are doing sanitize things within nmh (one > place), rather than having end users (who are not always fully aware > of various trojan techniques or concerned if they do know).
Ken, by "sanitizing", do you mean not using the filenames that mhstore considers insecure? Or, the basename that Jón wants? I thought it was the latter, in which case I agree that it should be handled by the user. David _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
