pan-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Pan-devel] Re: Launching attachments on Windows?

From: Darren Albers
Subject: Re: [Pan-devel] Re: Launching attachments on Windows?
Date: Sat, 03 Feb 2007 19:15:49 -0500
User-agent: Thunderbird 1.5.0.9 (X11/20070103) 
Duncan wrote:


That's one reason I had suggested simply feeding it to the browser.  That
way, the browser deals with it, and one would /hope/ the browser is sanely
configured as to what it opens and what it doesn't.  Not that I'd really
trust IE, but if that's what folks have for their browser...

Don't nearly all browsers handle URIs of the file:/// type?  (That won't
be treated as local/trusted zone on IE, I hope?)  And Charles already has
pan setup with browser detection/configuration for each platform.
I am not sure if feeding it to a browser is possible, for Gnome and KDE you use gnome-open and kfmclient exec respectively for URL's and files so they act the same way. So if we don't filter the file types they will all be passed to whatever mime handler is configured on those systems. This could be dangerous if someone opens a shell script and it is passed to Gnome who ask the user to open or display. A less savy user might select open...
For Windows users you use shellexec which calls the default app for that extension, for URL's we use rundll32 url.dll,FileProtocolHandler, but if we do that then IE (or whatever web browser is the default) will then be used to open all files. I don't think this is what people want to happen. Plus I think local files are treated as in the local zone and the very thought of sending files to IE makes me shiver in fear! 

I think there are at least four options:
1) Filter it to only allow images, text, and multimedia files to be opened
2) Filter it so that executable files and the standard list of files blocked by most mail servers cannot be opened. This would be files like .scr's, .cmd, .bat, .com, and .exe for windows and any any shell scripts or files marked as executable under Linux. 
3) Allow any file to be opened without warning
4) Allow any file to be opened but with a warning regarding unknown attachments.
At this time Option #2 seems to be the most acceptable option with a fallback to send files to a specific app or script if someone wants to do something special.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]