In article <[EMAIL PROTECTED]>, Nelson B. Bolyard wrote: > Ulrich Eckhardt wrote: >> >> Hi, >> >> today i had received a suspicious e-mail with an attachement >> (using Mozilla 1.2.1). >> >> The filename is displayed as readme.xls (and 3 dots wich can >> be easily overlooked). After having a closer look in the headers, >> the full name of this attachement is readme.xls<lots of blanks>.scr . >> >> I think it would be better to cut the filename somewhere in >> the middle (specially removing white spaces), so that the >> ending of the filename is always visible, otherwise this may >> lead to the same problems, like microsofts internet explorer >> wich cut of the ending of file names. > > Decisions about whether a file is "safe" for some purpose should be made > based on the MIME content type, not the file name or "extension". > mozilla should always make the MIME content type easily accessible.
it would be nice if that was the case, but it's not true in Windows. it depends on the exact operation being performed, but Windows itself and many Windows apps use only the extension to determine how to handle a file. failing to take that into account leads to security issues, and several based on exactly that flaw have been found in internet explorer previously. for Windows at least, decisions about whether a file is "safe" for a purpose must be made based on both the MIME type _and_ the file name extension, depending on what the purpose is... -- michael
