I am wondering which mime types are dangerous in browsers to be set as the Content Type, if any??
I am noticing that many forum software, when uploading files, use the application/octet-stream for any files other than images and place that into the Content Type of the header when outputting it. I am wondering why don't they place the actual mime-type instead into the Content Type? Are there security risks involved with this? So far I have used text/css, text/plain, audio/mpeg, and many others and haven't noticed any difference between application/octet-stream and these others.
Does anyone out there know the exact difference, and what makes application/octet-stream any better, or any worse...to use for the Content Type??
Or perhaps there are browser limitations?
I'm talking about getting the Content Type when uploading a file, using $_FILES['myFile']['type'], storing that information into the database, and than using that Content Type in the header for that file when being called upon. Is there any security risk involved with this? and/or Browser limitations?
Updated
If a user uploads a file in IE, and I am using the $_FILES ['type'] variable to store the mime-type into the database, and than another user accesses the file and I get the mime type from the database for the file that was uploaded with the IE mime type and that user is using Firefox to access the file, would that cause any problems?? Or vice versa, and wondering if this would be a problem for any browsers for that matter.
Thank You :)