|
|
On Thu, 22 May 2008 15:35:49 +0100, Eik <spam@xxxxxxxxxxx> wrote:
> On Thu, 22 May 2008 05:50:44 +0100, Aaron Hsu <arcfide@xxxxxxxxxxx> wrote:
>
> > Does this really cause you trouble?
>
> I certainly find it annoying. The same thing happens when I view source in
> IE, even though that opens in an editor that does highlighting.
>
> Wasn't one reason for dropping file extensions to help prevent .exe files
> from being run by unsavvy users poking around the cache by accident, or AV
> software getting confused by them?
I believe that was part of the justification. There were other reasons
as well: if I recall correctly there are some cache performance
improvements involved too.
Discarding content type information and relying on guessing it from
analysis of the content itself has long been recognised as a major
security problem. This is a big enough issue for me that I'm unable to
test the beta releases of Opera myself. I find it especially annoying
because Opera is trying to force a major problem on me, while telling
me that it's doing so to fix problems that I have never, ever had.
> Alternatively, the editor I use has command line swithes you can use when
> opening files, and I'm sure some other programs must have these too.
> Obviously for normal use these are impractical because most files are
> opened from the GUI, but if Opera is to launch my editor to view files
> then could you at least provide a mechanism to associate command switches
> to MIME types so that when I view the source of a HTML file, Opera will
> run "notapad2.exe /s 1", and when I click on the link to a Javascript file
> from the error console, Opera runs "notapad.exe /s 4" etc.
>
> Obviously the switches syntax is specific to the platform and the editor,
> so it has to be flexible and configurable. I would see nothing wrong with
> hiding all this in opera:config or let users add this information manually
> in INI files whilst leaving 'normal' users with the default behaviour of
> viewing source in Opera's own viewer or lauching it 'blind' in an external
> viewer set up via the GUI.
Better to simply pass the content type on the command line instead of
trying to encode it in some form. Every loss of information represents
a loss of security.
--
Matthew Winn
[If replying by mail remove the "r" from "urk"]
|
|