[Esa-l] Double Extensions fails

Phil Pennock pdp at nl.demon.net
Tue Feb 13 07:50:11 PST 2001


On 2001-02-13 at 15:45 +0000, Bjarni R. Einarsson wrote:
> So basically, I think explicitly worrying about double extensions is
> a little silly.  If you have a sane policy for handling really long
> file names and another sane policy for handling unknown and/or
> dangerous extensions, then worrying about double extensions is
> totally unnecessary.
> 
> That's why I don't bother in my sanitizer (although users are free to
> implement their own policies which detect double file names via
> regexps in their config files).

I see from:
 X-Mailer: Mutt 0.95.4i
that you're probably a Unix user (gratz); but Windows clients do things
like hide known extensions.  So foo.jpg.vbs would be shown as foo.jpg --
quite sick, yes.  When forced into using a Windows box, I change that
setting fast.

BTW -- there are security holes in _your_ email client.  You might wish
to upgrade.  ;^)
-- 
Phil Pennock                        <pdp at nl.demon.net> <Phil.Pennock at thus.net>
Demon Internet Nederland -- Network Operations Centre -- Systems Administrator
Libertes philosophica.
NL Sales: +31 20 422 20 00                          NL Support: 0800 33 6666 8
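
An added example, not part of the original message or of either author's software: Python attachment-name checks that combine the long-name and dangerous-extension policies from the quoted text with the hidden-extension display described in the reply. The extension lists, `MAX_NAME_LEN` and all function names are assumptions made for illustration.

```python
import re

# Assumed policy lists for illustration; a real deployment maintains its own.
DANGEROUS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "scr",
             "pif", "com", "bat", "cmd", "lnk", "hta"}
BENIGN_LOOKING = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc",
                  "pdf", "mp3", "avi", "zip"}
MAX_NAME_LEN = 64  # assumed limit for the "really long file names" policy


def split_ext(name):
    """Return (stem, ext); ext is lowercased without the dot, '' if none."""
    # Windows ignores trailing dots and spaces when resolving a file name.
    name = name.rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return name, ""
    return stem, ext.strip().lower()


def displayed_name(name):
    """Name as shown by a client that hides the final extension
    (assumes that extension is one the client knows)."""
    stem, ext = split_ext(name)
    return stem.rstrip() if ext else stem


def classify(name):
    """Return the list of policy findings for one attachment file name."""
    findings = []
    _, ext = split_ext(name)
    if len(name) > MAX_NAME_LEN:
        findings.append("too-long")
    if ext in DANGEROUS:
        findings.append("dangerous-extension")
        # What the recipient sees once the real extension is hidden.
        _, shown_ext = split_ext(displayed_name(name))
        if shown_ext in BENIGN_LOOKING:
            findings.append("masquerades-as-" + shown_ext)
    # Padding that pushes the real extension out of the visible column.
    if re.search(r"\s{3,}\.", name):
        findings.append("whitespace-padded-extension")
    return findings


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ["holiday.jpg", "foo.jpg.vbs", "photo.jpg" + " " * 60 + ".exe"]:
        print(repr(sample), classify(sample))
```

The dangerous-extension rule alone already rejects `foo.jpg.vbs`; the extra finding records that the name would be displayed as `foo.jpg`, which is useful for logging and triage.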


