If I recall correctly from the Content-Disposition HTML attachment handling vulnerabilities last year, Opera didn't reliably abide by the Content-Disposition header.
Additionally, Content-Disposition support in IE, Firefox, Opera, Safari and a few others was extremely inconsistent from version to version. -- Thank you, Darren Bounds On 1/4/07, Noe Espinoza M. <[EMAIL PROTECTED]> wrote: > We need to force to the users do download the pdf files > > And we can add to the httpd.conf or .htaccess the next code > > SetEnvIf Request_URI "\.pdf$" requested_pdf=pdf > Header add Content-Disposition "Attachment" env=requested_pdf > > > Other solution is protect our pdf files to external links (hotlinking) > > Add in .htacces > > RewriteEngine on > RewriteCond %{HTTP_REFERER} !^$ > RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9]+\.)?example\.com[NC] > RewriteRule .*\.(pdf)$ http://www.example.com/images/noexternal.gif [R,NC,L] > > > Source from > http://seguinfo.blogspot.com/2007/01/hacking-con-browser-plugins.html > > > > -----Mensaje original----- > De: pdp (architect) [mailto:[EMAIL PROTECTED] > Enviado el: jueves, 04 de enero de 2007 7:17 > Para: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com; Web > Security > Asunto: Universal PDF XSS After Party > > Everybody knows about it. Everybody talks about it. We had a nice > party. It is time for estimating the damages. In this article I will > try to show the impact of the Universal PDF XSS vulnerability by > explaining how it can be used in real life situations. > > http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/ > > -- > pdp (architect) | petko d. petkov > http://www.gnucitizen.org > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/