how important is it to serve the mime-types?
Posted: Mon Dec 07, 2009 6:22 pm
im playing around with writing a template engine. i want it to be concise but powerful, and secure. don't pretend i know what im talking about for one second either.
anyways, my brain is telling me it is important to serve the correct mime-type. i know you can set it through apache or php with headers or even meta tags or whatever.
what im wondering is how this applys to security? is it important to serve correct content-types?
im kind of thinking like what if you create a pdf in php well you need a way to say its a pdf right?
or if you want to use a script to serve images or a script to serve downloads. or whatever
i feel like i already answered my own question but if anyone has any comments or advice? or knows of any places the mime-type can be manipulated i should look at?
thnkies
anyways, my brain is telling me it is important to serve the correct mime-type. i know you can set it through apache or php with headers or even meta tags or whatever.
what im wondering is how this applys to security? is it important to serve correct content-types?
im kind of thinking like what if you create a pdf in php well you need a way to say its a pdf right?
or if you want to use a script to serve images or a script to serve downloads. or whatever
i feel like i already answered my own question but if anyone has any comments or advice? or knows of any places the mime-type can be manipulated i should look at?