W3C home > Mailing lists > Public > www-tag@w3.org > June 2003

Security issue in Media-type override?

From: Tim Bray <tbray@textuality.com>
Date: Mon, 23 Jun 2003 12:58:29 -0700
Message-ID: <3EF75BE5.30803@textuality.com>
To: WWW-Tag <www-tag@w3.org>

We're working on the contentEoverride-24 finding, and it has been 
suggested that there are security implications in the case where a web 
agent decides to ignore the media-type the server sent and decide to 
handle the incoming data in some other fashion based on, for example, 
peeking inside the data and guessing what it is.

Whereas this is easy to believe, we'd like to see a specific scenario or 
two showing how nefarious action or erroneous practice could lead to a 
security breach.

(Note that there are other reasons why this is a bad thing to, we're 
just focusing on the security issue here).
-- 
Cheers, Tim Bray
         (ongoing fragmented essay: http://www.tbray.org/ongoing/)
Received on Monday, 23 June 2003 15:58:30 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:32:38 UTC