I am trying to understand the security risks associated with enabling the Open Files Based on Content Not File Extension IE security setting.
In my environment I decided to try disabling the IE security setting Open Files Based on Content Not File Extension in the internet zone via group policy. However, this caused all user-uploaded images from a _major_ internet website to stop displaying. (For some reason, for this particular website, user-uploaded images are saved/stored _without_ the appropriate file extension, e.g. my_image.jpg becomes img_308711_60863201.)
Based on my very limited tests, if Open Files Based on Content Not File Extension is disabled, it seems that only basic image files (e.g. jpg, gif) and other things that are displayed within the browser are opened based on content. Executables and other potentially dangerous files that require an outside program/player are not opened based on content. So perhaps enabling this security setting is not a security risk at all?
So what are the security implications from enabling the Open Files Based on Content Not File Extension security setting? Is it really that big of a deal? Does anybody have an opinion?
Thank you for your help.