On Tue, 20 Apr 1999, Tom von Alten wrote:
...
> I thought of a simpler approach. What if we just prefix user names with
> something innocuous? Add on "x-" or some such, so
> .htaccess -> xhm-.htaccess
> for example.
That sounds attractive to me. I was just looking back at some work I did on Hypermail 1 to deal with attachments and found that I was always storing them as att-<msgno>-<attachmentno>
But this was probably laziness rather than concern over security.
Tom's suggestion of a prefix seems sensible as we do want to preserve any given extension. An alternative would be defining a set of acceptable types of file name - not starting with a '.', only alphanumerics and 'safe' other characters in the name - and map any other given file names into that set.
Paul
-- Paul Haldane
Received on Tue 20 Apr 1999 05:20:14 PM GMT
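
The two suggestions in this message, a fixed prefix and mapping names into a set of acceptable characters, combined in one routine. This is an added example, not code from the thread or from Hypermail. The function name, the "att-" prefix, the '_' replacement, the "unnamed" fallback and the exact safe set are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ATT_PREFIX "att-"   /* assumed prefix; the thread suggests "x-" or similar */

/* Characters passed through unchanged (assumed 'safe' set). */
static int is_safe_char(unsigned char c)
{
    return isalnum(c) || c == '.' || c == '-' || c == '_';
}

/*
 * Build a storage name for an attachment from the sender-supplied name.
 * Returns 0 on success, -1 if the result does not fit in out.
 */
int safe_attachment_name(const char *given, char *out, size_t outlen)
{
    const char *base = given ? given : "";
    const char *p;
    size_t n, i;

    /* Drop any directory part, Unix or DOS style. */
    for (p = base; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;

    if (*base == '\0')
        base = "unnamed";           /* nothing usable was supplied */

    n = strlen(ATT_PREFIX);
    if (n + strlen(base) + 1 > outlen)
        return -1;                  /* refuse rather than truncate the extension */

    /* The prefix means the stored name never starts with '.'. */
    memcpy(out, ATT_PREFIX, n);
    for (i = 0; base[i]; i++)
        out[n + i] = is_safe_char((unsigned char)base[i]) ? base[i] : '_';
    out[n + i] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from a real message. */
    const char *samples[] = { ".htaccess", "../../etc/passwd", "my report;rm.txt", "" };
    char buf[64];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (safe_attachment_name(samples[i], buf, sizeof buf) == 0)
            printf("%-20s -> %s\n", samples[i], buf);
    return 0;
}
```

Distinct given names can map to the same stored name, so a caller still needs a uniqueness step such as the message and attachment numbers mentioned above.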
This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:50 PM GMT