Re: double-extensions in apache?

Top Page
Attachments:
Message as email
+ (text/plain)
+ signature.asc (application/pgp-signature)
+ (text/plain)
Delete this message
Reply to this message
Author: Joseph Sinclair
Date:  
To: Main PLUG discussion list
Subject: Re: double-extensions in apache?
As you surmise, I mean to say the *setting* should be enabled. That is, content type determination should be *disabled* for all uploads.

On 03/20/2011 02:16 PM, Eric Shubert wrote:
> On 03/20/2011 01:11 AM, Joseph Sinclair wrote:
>>
>> There are tools to check your site and ensure everything is clean with extensions, metadata, etc... Those should be used by everyone developing a website.
>> There are also settings to disable content-type-determination on uploads, and those should ALWAYS be enabled.
>
> I'd like to be clear about this. Do you mean to say that the setting to disable content-type-determination should be enabled (which appears to be what you said), or that the content-type-determination setting should be enabled?
>
>> It's OK to guess the content type of a file in the filesystem, but an HTTP PUT request is supposed to *tell* you the mime type, and if it doesn't then the sender simply cannot be trusted to put content to your site.
>>
>> Just my thoughts on the matter.
>>
>> ==Joseph++
>>
>


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss