[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Eudora 3.0 for PC and MHonArc
NEW DEVELOPMENT - The image appears in the message when sent by a different
PC - my configuration could be messed up or Eudora may need to be
reinstalled. Thanks everyone for all the suggestions.
At 01:48 PM 9/25/98 -0700, Earl Hood wrote:
>On September 25, 1998 at 16:26, "John R. LoVerso" wrote:
>> > No, it will never be the default. "usenameext" opens create a security
>> > hole. For example, I can send a message with a filename of ".htpasswd".
>> Not "usename", but "usenameext". If you send such a filename, won't
>> MHonArc just create the file called "bin00001.htpasswd"?
>Actually: "htp00001.htpasswd". The prefix is derived from the extension.
>Hmmm, cannot think of any security problems off-hand. You still have a
>problem with extension ambiguity and content-type vs extension
>conflicts. I.e. There is no way to guarantee that the extension
>provided matches the supplied content-type. For example, content-type
>equals application/postscript but the filename given is "file.doc". Or
>more likely, text/plain with a filename of "title.doc". Plus, not
>everyone/system use extensions.
>It is trivial for people to add "usenameext" if they want it. Keying
>off the content-type is the proper way to do things. Deviations should
>not be the default, and should only occur if the user requests it.
> Earl Hood | University of California: Irvine
> firstname.lastname@example.org | Electronic Loiterer
>http://www.oac.uci.edu/indiv/ehood/ | Dabbler of SGML/WWW/Perl/MIME