Re: Content Sniffing impact on HTTPbis - #155

On Fri, Jun 12, 2009 at 7:57 PM, Adrien de Croy<adrien@qbik.com> wrote:
> Adam Barth wrote:
>> For better or worse, we can't use file extensions as part of the
>> content sniffing algorithm because it's insecure.  In many attack
>> scenarios, the attacker chooses the file extension.
>
> I presume therefore you can't use the content-type or file content either,
> since these are also potentially provided by an attacker?

The content sniffing algorithm is a careful balancing act of
compatibility and security concerns.  For an in-depth discussion of
the security rationale behind the current algorithm, please see:
http://www.adambarth.com/papers/2009/barth-caballero-song.pdf

> I'm not sure what a Windows client that wants to launch an external
> application will do if it can't use the file extension, unless there's some
> database in Windows that maps to executables on some index other than file
> extension?

Thankfully this algorithm is not intended for use by a Windows client
in determining which external application to launch.

> How does Chrome handle this?

Chrome determines which external application to launch by the file
extension, not by the media type.  However, that's somewhat irrelevant
to this discussion.

Adam

Received on Saturday, 13 June 2009 05:32:11 UTC