On Thu, 16 Mar 2006 17:11:00 +0100, Michael Sullivan <[EMAIL PROTECTED]> wrote:
> this url is logical and cross-compatible > http://feeds.feedburner.com/ > spainfulfilms?id=25&file=fashion05POD.mp4 Is it? This is an identical URL: http://feeds.feedburner.com/spainfulfilms?file=fashion05POD.mp4&id=25 Should it always be "file" or should other values be permitted? What are the security implications of identifying a filename via the query string? This is a classic case of "if it ain't broke, don't fix it". There *is* a standard handling these issues. It's called HTTP, and it's very stable and very well supported. If your library can't handle basic HTTP features like 302 headers and seperating the filename from the query string, you need to get a new library. If you want to find the type of file behind a URL it's an easy three step process: 1. Resolve all redirects (your library should do this for you). 2. Check the "Content-type" header for a mime type. If this is a known video format, great if not... 3. Check the file name. If it ends in .mp4, .m4v or another known troublemaker *and* the content-type is set to "text/plain" assume that it's an mp4. If not assume you're recieving text/plain. Not rocket science. If your HTTP library is faulty then enclosures will be the least of your worries. Fix your library instead of asking the whole wide world to adopt some arbitrary format. There are issues with HTTP, but this ain't one of them. -- Andreas Haugstrup Pedersen <URL: http://www.solitude.dk/ > Commentary on media, communication, culture and technology. Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
