- From: Chris Lilley <chris@w3.org>
- Date: Mon, 23 Jun 2003 23:30:24 +0200
- To: www-tag@w3.org, Tim Bray <tbray@textuality.com>
On Monday, June 23, 2003, 9:58:29 PM, Tim wrote: TB> We're working on the contentEoverride-24 finding, and it has been TB> suggested that there are security implications in the case where a web TB> agent decides to ignore the media-type the server sent and decide to TB> handle the incoming data in some other fashion based on, for example, TB> peeking inside the data and guessing what it is. TB> Whereas this is easy to believe, we'd like to see a specific scenario or TB> two showing how nefarious action or erroneous practice could lead to a TB> security breach. Content-type: text/plain (Sniffed-type: application/csh) cd rm -rf * -- Chris mailto:chris@w3.org
Received on Monday, 23 June 2003 17:30:57 UTC