WebApp Sec mailing list archives
Re: Content monitorting in Application Security
From: Ivan Ristic <ivanr () webkreator com>
Date: Mon, 10 Jan 2005 16:16:42 +0000
Ofer Shezaf wrote:
Do you think that matching extension and content type header would be enough? If no, are you aware of any technology to determine a file type according to its content?
No. The extension and the content type are provided by the client, therefore they cannot be trusted. You have to look into the file to verify it. -- Ivan Ristic (http://www.modsecurity.org)
Current thread:
- Content monitorting in Application Security Alfred Hitchcock (Jan 07)
- Re: Content monitorting in Application Security Ivan Ristic (Jan 08)
- Re: Content monitorting in Application Security Paul Laudanski (Jan 08)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 08)
- <Possible follow-ups>
- RE: Content monitorting in Application Security Security (Jan 08)
- RE: Content monitorting in Application Security Paul Laudanski (Jan 09)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 09)
- Re: Content monitorting in Application Security Martin Mačok (Jan 10)
- RE: Content monitorting in Application Security Antoine Martin (Jan 10)
- Re: Content monitorting in Application Security oliver.karow (Jan 10)
- Re: Content monitorting in Application Security Ivan Ristic (Jan 10)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 13)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 15)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 23)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 23)
- Re: Content monitorting in Application Security Martin Schapendonk (Jan 24)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 27)