RE: MIME disable option? (hopefully not FAQ)

From: Tom von Alten <>
Date: Tue, 20 Apr 1999 08:05:18 -0600
Message-ID: <>

Craig A Summerhill <> wrote: More good ideas on attachment security...

> I think Tom's second solution is ultimately, the one that is most
> likely to be fruitful (e.g. a list of forbidden or restricted
> filenames). In addition to the obvious '.htaccess' file, I would
> also propose the following be added to a "default" omit list. And
> the list should be locally extensible:
> robots.txt
> index.html
> Finally, I would propose a fourth (4) option for an approach to handling
> MIME attachments:

> o have hypermail send an e-mail note to the web administrator
> (or otherwise defined administrator) telling them to review
> the file and change the permissions to 644 on the file in
> order to make it accessible. Thus, the markup of the base

This last one is not something we'd undertake on our intranet, as the volume of attachments would make it prohibitive.

I thought of a simpler approach. What if we just prefix user names with something innocuous? Add on "x-" or some such, so

   .htaccess -> xhm-.htaccess
for example.

_____________ Hewlett-Packard Computer Peripherals Bristol Tom von Alten

          This posting is for informational purposes only.
          It is not a statement of the Hewlett-Packard Co.
Received on Tue 20 Apr 1999 04:08:17 PM GMT

This archive was generated by hypermail 2.3.0 : Sat 13 Mar 2010 03:46:11 AM GMT GMT