LOCK: security considerations? #7

@antbryan
  1. You need to answer at least the security questions of how a client is
    protected from a malicious server, and how a server is protected from a
    malicious client, as well as how the connection (client and server) is
    protected against a malicious file. Consider what happens if a file contains
    a number of predicted boundary values, and the server or client is not good
    at picking random numbers for those boundaries. Note, for instance, how SMTP
    does this in the DATA command - the DATA ends with a line containing only
    ".". Any line beginning with a "." in the data has to be prefixed by another
    ".". The receiver then simply strips out the first dot on each line. Don't
    give in to the idea that "random numbers can't be guessed", or that
    accidental occurrences or malicious action won't ever successfully reproduce
    the boundary condition. Make it IMPOSSIBLE.
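
The SMTP DATA rule described in the issue above, as an added example (not part of the original issue or of the project's code): a sender that escapes leading dots next to one that does not, run against a constructed file that contains the terminator line. The function names and the sample file are assumptions made for illustration, and body lines are assumed to contain no CRLF of their own.

```python
CRLF = b"\r\n"
END = b"."  # terminator line, as in the SMTP DATA command

# Constructed sample: a file whose second line equals the terminator.
HOSTILE_FILE = [b"first part", b".", b"text after the fake terminator",
                b"..two dots", b".leading dot"]


def frame_naive(body_lines):
    """Sender that appends the terminator but never escapes (unsafe)."""
    return b"".join(line + CRLF for line in body_lines) + END + CRLF


def frame_stuffed(body_lines):
    """Sender that prefixes every line starting with '.' with another '.'."""
    out = []
    for line in body_lines:
        if line.startswith(b"."):
            line = b"." + line
        out.append(line + CRLF)
    return b"".join(out) + END + CRLF


def receive(stream):
    """Read up to the terminator line, stripping one leading dot per line.

    Returns (body_lines, leftover). leftover is whatever follows the
    terminator, i.e. bytes the receiver would go on to parse as protocol.
    """
    body, rest = [], stream
    while rest:
        line, sep, rest = rest.partition(CRLF)
        if not sep:
            break  # last line has no CRLF: stream was cut short
        if line == END:
            return body, rest
        if line.startswith(b"."):
            line = line[1:]
        body.append(line)
    raise ValueError("truncated stream: no terminator line seen")


if __name__ == "__main__":
    for frame in (frame_naive, frame_stuffed):
        body, leftover = receive(frame(HOSTILE_FILE))
        print(frame.__name__, "intact:", body == HOSTILE_FILE,
              "leftover bytes:", len(leftover))
```

With escaping, no line of the body can equal the terminator on the wire, so the result does not depend on how well anyone picks or guesses a boundary value.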
