WebApp Sec mailing list archives

Re: Content monitorting in Application Security

From: Ivan Ristic <ivanr () webkreator com>
Date: Mon, 10 Jan 2005 16:16:42 +0000

Ofer Shezaf wrote:


Do you think that matching extension and content type header would be
enough? If no, are you aware of any technology to determine a file type
according to its content?


  No. The extension and the content type are provided by the client,
  therefore they cannot be trusted. You have to look into the file
  to verify it.

--
Ivan Ristic (http://www.modsecurity.org)

Current thread:

Content monitorting in Application Security Alfred Hitchcock (Jan 07)
- Re: Content monitorting in Application Security Ivan Ristic (Jan 08)
- Re: Content monitorting in Application Security Paul Laudanski (Jan 08)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 08)
- <Possible follow-ups>
- RE: Content monitorting in Application Security Security (Jan 08)
  - RE: Content monitorting in Application Security Paul Laudanski (Jan 09)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 09)
  - Re: Content monitorting in Application Security Martin Mačok (Jan 10)
  - RE: Content monitorting in Application Security Antoine Martin (Jan 10)
  - Re: Content monitorting in Application Security oliver.karow (Jan 10)
  - Re: Content monitorting in Application Security Ivan Ristic (Jan 10)
  - Re: Content monitorting in Application Security Jeremiah Grossman (Jan 13)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 15)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 23)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 23)
  - Re: Content monitorting in Application Security Martin Schapendonk (Jan 24)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 27)