Setup readonly rails console
Kim Klotz
3 months
HowTo Generate Nagios Config with puppet fast
Moritz Kraus
1 year
Why Apple Silicon MacBooks Can Only Use One External Display Through A Dock
Florian Heinle
1 year
Security considerations in MIME-Type configuration
Kim Klotz
1 year
HowTo: List packages in an apt repository
Florian Heinle
1 year
Nginx Proxy buffer tuning
Moritz Kraus
1 year
How to prevent duplicate exported resources across a Puppet Infrastructure
Moritz Kraus
1 year
GitLab scheduled pipeline: Don't notify owner
Andreas Vöst
2 years
HowTo: Get kubernetes secrets in plaintext
Florian Heinle
2 years
XCA: Easy SSL certificate management
Andreas Vöst
4 years
HowTo: Use Journalctl to View and Manipulate Systemd Logs
Claus-Theodor Riegg
5 years
convert PostgreSQL custom dump format to textdump
Claus-Theodor Riegg
5 years
dumping and restoring PostgreSQL databases
Claus-Theodor Riegg
7 years

Security considerations in MIME-Type configuration

Posted . Visible to the public.

When you are using the default MIME-Type configuration and your application allows uploading files, it can be a security issue.

Example:

A user uploads a file with HTML/JavaScript content using no file extension.

In the Apache default configuration if you access the file it will have no Content-Type. Some browsers will guess/autodetect it as HTML and now you are vulnerable to XSS.

To prevent this, you can set a default Content-Type (e.g. plain/text or application/octet-stream).

Kim Klotz
makandra.com
Say thanks1
Last edit
Kim Klotz
License
Source code in this card is licensed under the MIT License.
Privacy policy Terms of service Imprint
This website uses short-lived cookies to improve usability.
or learn more