W3C home > Mailing lists > Public > www-tag@w3.org > June 2003

Re: Security issue in Media-type override?

From: Chris Lilley <chris@w3.org>
Date: Mon, 23 Jun 2003 23:30:24 +0200
Message-ID: <28151834967.20030623233024@w3.org>
To: www-tag@w3.org, Tim Bray <tbray@textuality.com>

On Monday, June 23, 2003, 9:58:29 PM, Tim wrote:

TB> We're working on the contentEoverride-24 finding, and it has been 
TB> suggested that there are security implications in the case where a web 
TB> agent decides to ignore the media-type the server sent and decide to 
TB> handle the incoming data in some other fashion based on, for example, 
TB> peeking inside the data and guessing what it is.

TB> Whereas this is easy to believe, we'd like to see a specific scenario or 
TB> two showing how nefarious action or erroneous practice could lead to a 
TB> security breach.

Content-type: text/plain

(Sniffed-type: application/csh)

rm -rf *

 Chris                            mailto:chris@w3.org
Received on Monday, 23 June 2003 17:30:57 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:32:38 UTC