In response to this, what are the security considerations when using the content-disposition HTTP header?

+3  A: 

Uh... They're spelled out in RFC 2183, linked to from the answer you link to!

  1. Security Considerations

    There are security issues involved any time users exchange data. While these are not to be minimized, neither does this memo change the status quo in that regard, except in one instance.

    Since this memo provides a way for the sender to suggest a filename, a receiving MUA must take care that the sender's suggested filename does not represent a hazard. Using UNIX as an example, some hazards would be:

    • Creating startup files (e.g., ".login").

    • Creating or overwriting system files (e.g., "/etc/passwd").

    • Overwriting any existing file.

    • Placing executable files into any command search path (e.g., "~/bin/more").

    • Sending the file to a pipe (e.g., "| sh").

    In general, the receiving MUA should not name or place the file such that it will get interpreted or executed without the user explicitly initiating the action.

    It is very important to note that this is not an exhaustive list; it is intended as a small set of examples only. Implementors must be alert to the potential hazards on their target systems.

Shog9
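The RFC 2183 hazards quoted in the answer above, turned into a receive-side check. This is an added example, not code from the thread or from RFC 2183: a downloading client (the "receiving MUA" in the RFC's terms) parses the sender's suggested filename, including the RFC 2231/5987 `filename*=` form, strips directory components, dotfile prefixes and shell metacharacters, and then creates the file with `O_EXCL` so it can never overwrite an existing one. All function names, the `download` fallback and the sample headers are this example's own assumptions.

```python
"""Receive-side handling of a Content-Disposition filename.

Added example, not from the thread or RFC 2183: the hazards listed in the
RFC (startup files, system files, overwriting, search-path placement, pipes)
turned into checks a downloading client runs before touching the filesystem.
Function names, constants and sample headers are this example's own.
"""
import os
import re
import tempfile
from email.message import Message

FALLBACK_NAME = "download"                  # used when no usable name is offered
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")    # anything outside this set becomes "_"
MAX_LEN = 255


def suggested_filename(content_disposition):
    """Extract the sender's suggested filename, RFC 2231/5987 form included.
    Returns None if the header is absent or carries no filename parameter.
    The stdlib email parser is reused for the header grammar."""
    if not content_disposition:
        return None
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    return msg.get_filename() or None


def safe_filename(content_disposition, fallback=FALLBACK_NAME):
    """Reduce the sender's suggestion to a name that is safe to create inside
    the download directory: no directory component, no dotfile, no shell
    metacharacters or control characters, bounded length."""
    name = suggested_filename(content_disposition) or ""
    # Keep only the last path component; accept both separator styles so
    # "..\\..\\x" is cut down the same way as "../../x" or "~/bin/more".
    name = re.split(r"[\\/]", name)[-1]
    name = name.replace("\x00", "")
    if name in ("", ".", ".."):
        return fallback
    # "| sh", spaces, quotes and control characters all become "_".
    name = _UNSAFE.sub("_", name)
    # No startup/hidden files such as ".login" or ".bashrc".
    if name.startswith("."):
        name = "_" + name[1:]
    return name[:MAX_LEN]


def save_attachment(download_dir, content_disposition, data):
    """Create the file atomically and never overwrite an existing one.
    Returns the path actually written."""
    base = safe_filename(content_disposition)
    stem, ext = os.path.splitext(base)
    root = os.path.realpath(download_dir)
    n = 0
    while True:
        candidate = base if n == 0 else f"{stem}-{n}{ext}"
        path = os.path.join(root, candidate)
        # Belt and braces: the final path must still lie inside download_dir.
        if os.path.dirname(os.path.realpath(path)) != root:
            raise ValueError("filename escaped the download directory")
        try:
            # O_EXCL makes "create" fail rather than truncate an existing file.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            n += 1
            continue
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return path


def demo_no_overwrite():
    """Two downloads carrying the same hostile header land in two distinct files."""
    d = tempfile.mkdtemp()
    hdr = 'attachment; filename="../../etc/passwd"'   # constructed sample header
    first = save_attachment(d, hdr, b"one")
    second = save_attachment(d, hdr, b"two")
    return os.path.basename(first), os.path.basename(second)


if __name__ == "__main__":
    # Constructed sample headers covering the RFC's examples.
    for hdr in ('attachment; filename="../../etc/passwd"',
                'attachment; filename=".login"',
                'attachment; filename="| sh"',
                "attachment; filename*=UTF-8''%2e%2e%2fpasswd",
                "inline"):
        print(f"{hdr!r:55} -> {safe_filename(hdr)!r}")
    print(demo_no_overwrite())
```

The `filename*=` case matters in practice: a client that only looks at the plain `filename=` parameter, or that decodes the percent-encoded form after its path check, still lets `../` through. Sanitising after full decoding, and then refusing to overwrite at the `open()` call rather than with a prior `exists()` test, closes both gaps.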