Does it matter? (was Re: .rdf file extension security?)

Thanks for this Charles and to Christopher Schmidt.

Sorry for my slack terminology, Christopher, what I meant was that if I put 
a .rdf file on a Windows server and then browse to it (with any client), the 
sever gives a 404 response, even though the file is present.

Clearly there are a lot of servers in use that don't support the RDF MIME 
type by default. However, they do support .xml. My organisation's aim is to 
get a significant number of websites to include RDF descriptions of their 
content for PICS-like (child protection) reasons. See

Whilst it is easy for a professional to add a MIME type to a server, for 
hobby webmasters (and, let's be honest, a lot of "professional web 
designers") this is well beyond what can be expected..

So, the question is, does it make a practical difference if an RDF/XML 
instance is in a file with a .xml extension and a MIME type of 
application/xml, rather that nicely in a file with a .rdf extension and a 
MIME type of application.rdf+xml?


----- Original Message ----- 
From: "Charles McCathieNevile" <>
To: "Phil Archer" <>; <>
Sent: Tuesday, February 01, 2005 4:16 AM
Subject: Re: .rdf file extension security?

> On Mon, 31 Jan 2005 22:13:32 -0000, Phil Archer <> 
> wrote:
>> Is there a security issue (real or perceived) around .rdf? Or is it just 
>> that the good folk at Geocities/Yahoo/BT haven't added .rdf to the list 
>> of allowed file types?
> I suspect the latter case. If you have real RDF it is pretty difficult to 
> include a security risk (although of course any file with any ending on 
> its name can carry something unpleasant...)
>>  A Windows server I did manage to upload a .rdf file to then wouldn't 
>> serve it back under default settings.
> Hmmm. If you have to configure a windows server before it gets around to 
> handing back data you give it. Which seems a wierd design choice. 
> Otherwise, as already noted, it might just e served with a MIME type that 
> results in no software having a sensible indication of how to handle it.
> cheers
> -- 
> Charles McCathieNevile                 Fundacion Sidar

Received on Tuesday, 1 February 2005 09:34:12 UTC