Re: .rdf file extension security?

On Mon, 31 Jan 2005 22:13:32 -0000, Phil Archer <phil.archer@icra.org>  
wrote:

> Is there a security issue (real or perceived) around .rdf? Or is it just  
> that the good folk at Geocities/Yahoo/BT haven't added .rdf to the list 
> of allowed file types?

I suspect the latter case. If you have real RDF it is pretty difficult to  
include a security risk (although of course any file with any ending on  
its name can carry something unpleasant...)

>  A Windows server I did manage to upload a .rdf file to then wouldn't  
> serve it back under default settings.

Hmmm. If you have to configure a windows server before it gets around to  
handing back data you give it. Which seems a wierd design choice.  
Otherwise, as already noted, it might just e served with a MIME type that  
results in no software having a sensible indication of how to handle it.

cheers

-- 
Charles McCathieNevile                 Fundacion Sidar
charles@sidar.org                      http://www.sidar.org

Received on Tuesday, 1 February 2005 04:23:34 UTC