Vulnerability Development: Re: Plain text files in internet explorer

[Helmut Springer <delta () FaVeVe Uni-Stuttgart de>]

On 03 Sep 2002 at 01:43 +0200, Dan Kaminsky wrote:
> There's few engineers who will praise the simultaneous genius of URLs, 
> HTTP, and HTML as highly as myself.  That they all spawned 
> simultaneously is a feat of synergistic engineering unparalleled in 
> recent memory.  But MIME-types are a failure, and a stubborn refusal to 
> admit such benefits nobody.
Pardon?  MIME-types are a standard to declare the type of data,
nothing more, nothing less.  If the MIME-type of some data is
declared by an untrusted entitiy, you should not trust this
declaration.  If the data is sent by some untrusted entity you
should not trust the data.  Usually the data will present more of a
danger than the declaration, but then...

What's your problem regarding MIME-types again?

-- 
MfG/Best regards,                   "A Feature you cannot disable is
helmut springer                      considered a bug"  comp.os.unix