2008/11/4 Brendan Ferguson <[EMAIL PROTECTED]>: > > I imagine that even if the files are set for download, they will be > interpreted.
That's not my understanding; please test it out and see :-) > Probably. But you will not be able to view any of the images any more, the > browser would be treating them like text. :( I think with extensions and the "file" command we can reliably detect images as images and have them displayed instead of for download :-) > have to put them in our own server config files. They are not universally > accepted in .htaccess files. That's not a problem with our hosts. > Another option [so] if someone got something > ugly up on to the server, and they did some how have execution permissions, > they would not know what file to call. This seems tricky and error prone, and just not worth it :-) I agree with Ben: Download-as-dumb-data combined with ccHost's existing file-verification capabilities seems adequate - we'll just not accept uploaded HTML files, only plain text, and not allow any uploaded file to be executed by Apache :-) What is tricky, is having version control on the files - so if a user uploads a new version of a file, ie a file with the same file name, it won't make the previous version disappear, but also won't create a new URL for that file. I think it would be best to move this conversation to the ccHost developer mailing list, so Victor can comment :-) _______________________________________________ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary
