double-extensions in apache?
Joseph Sinclair
plug-discussion at stcaz.net
Sun Mar 20 19:06:14 MST 2011
As you surmise, I mean to say the *setting* should be enabled. That is, content type determination should be *disabled* for all uploads.
On 03/20/2011 02:16 PM, Eric Shubert wrote:
> On 03/20/2011 01:11 AM, Joseph Sinclair wrote:
>>
>> There are tools to check your site and ensure everything is clean with extensions, metadata, etc... Those should be used by everyone developing a website.
>> There are also settings to disable content-type-determination on uploads, and those should ALWAYS be enabled.
>
> I'd like to be clear about this. Do you mean to say that the setting to disable content-type-determination should be enabled (which appears to be what you said), or that the content-type-determination setting should be enabled?
>
>> It's OK to guess the content type of a file in the filesystem, but an HTTP PUT request is supposed to *tell* you the mime type, and if it doesn't then the sender simply cannot be trusted to put content to your site.
>>
>> Just my thoughts on the matter.
>>
>> ==Joseph++
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110320/a883317f/attachment.pgp>
More information about the PLUG-discuss
mailing list