Sept. 24, 2004
11:39 p.m.
On Friday, Sep 24, 2004, at 19:07 US/Eastern, Brad Knowles wrote:
Leaving it as a ".doc" file when the MIME bodypart type does not match the claimed extension *is* dangerous.
In mail, yes (and what does Mailman normally do to sanitize extensions / MIME types in the messages it redistributes?). But on the web? I'm curious, what's the threat model?
--Robby