I'm thinking that mime types in the browser are dangerous to set as content type, if any? ?
I am looking at many forum software when uploading files, then use any application / octat-stream for any file except images and place it in the content type of header while outputting take it. I'm wondering why do not they put actual mime-types instead of content type? Does it include security risks? So far, I have used text / CSS, text / plain, audio / MPEG, and many other people and have not seen any difference between the application / octet-stream and these others.
Or have browser boundaries also?
I'm talking about getting content types when uploading files / files better to use for content type, using $ _FILES ['myFile'] ['type'] That information is stored in the database, and instead of using that type in the header of that file, when it is called. Is there a security risk? And / or browser limitations?
Renew
If a user uploads a file in IE, and I am using $ '_FILES [' type '] variable in the database the mime To store the type, and access to the file from any other user and I get the mime type from the database for that file which was uploaded with the IE mime type and that user used the Firefox file Did access to So, cause any problem ?? Or, on the contrary, wondering whether this would be a problem for any browser.
Thanks :)
Whatever mime type you prefer Can use it If the browser understands mime type, then it will attempt to render; If the browser sets a plug-in for that particular mime type, then it will try to launch it; Otherwise you can get just one download dialog.
The reason for this is that application / octet-stream is used a lot because it means more or less that a download dialog will be displayed in the browser. Therefore, by using that mime type in the content-type header, you can force to show a download dialog to the browser. Basically this is the only reason for its use in such situations.
Comments
Post a Comment