
Content Types in browsers, can we use the Mime?

I am wondering which mime types are dangerous in browsers to be set as the Content Type, if any??

I am noticing that many forum software, when uploading files, use the application/octet-stream for any files other than images and place that into the Content Type of the header when outputting it. I am wondering why don't they place the actual mime-type instead into the Content Type? Are there security risks involved with this? So far I have used text/css, text/plain, audio/mpeg, and many others and haven't noticed any difference between application/octet-stream and these others.

Does anyone out there know the exact difference, and what makes application/octet-stream any better, or any worse...to use for the Content Type??

Or perhaps there are browser limitations?

I'm talking about getting the Content Type when uploading a file, using $_FILES['myFile']['type'], storing that information into the database, and then using that Content Type in the header for that file when being called upon. Is there any security risk involved with this? And/or browser limitations?

Updated

If a user uploads a file in IE, and I am using the $_FILES ['type'] variable to store the mime-type into the database, and then another user accesses the file and I get the mime type from the database for the file that was uploaded with the IE mime type and that user is using Firefox to access the file, would that cause any problems? Or vice versa, and wondering if this would be a problem for any browsers for that matter.

Thank You :)


You can basically use whatever mime type you like. If the browser understands the mime type, it will try to render it; if the browser has plugins set for that specific mime type it will try to launch it; otherwise you just get a download dialog.

The reason why application/octet-stream is used that much is because it more or less implies that a download dialog will show in the browser. So by using that mime type in the Content-Type header, you can force the browser to show a download dialog. That is basically the only reason it is used in such situations.

0
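
An added example, not part of the original question or answer: one way to choose response headers for a stored upload without trusting `$_FILES['myFile']['type']`, which is sent by the uploader's browser and is not checked by PHP. The function name `upload_response_headers`, the inline allowlist and the sample file are assumptions made for illustration.

```php
<?php
// Added example. Function name, allowlist and sample data are assumptions.

// Types this (assumed) policy allows the browser to render inline.
// Everything else is sent as a generic download.
const INLINE_TYPES = ['image/png', 'image/jpeg', 'image/gif', 'text/plain', 'audio/mpeg'];

/**
 * Build the response headers for a stored upload.
 *
 * @param string $path         server-side path of the stored file
 * @param string $originalName file name supplied by the uploader
 * @return string[]            header lines to pass to header()
 */
function upload_response_headers(string $path, string $originalName): array
{
    // Detect the type from the file's bytes instead of reusing the
    // client-supplied value stored at upload time.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($path) ?: 'application/octet-stream';

    $inline = in_array($detected, INLINE_TYPES, true);
    $type   = $inline ? $detected : 'application/octet-stream';

    // Keep only characters that cannot break out of the quoted filename.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($originalName));

    return [
        'Content-Type: ' . $type,
        'Content-Disposition: ' . ($inline ? 'inline' : 'attachment')
            . '; filename="' . $safeName . '"',
        // Tell the browser not to guess a different type from the content.
        'X-Content-Type-Options: nosniff',
        'Content-Length: ' . filesize($path),
    ];
}

// Constructed sample: an HTML document uploaded under an image file name.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "<!DOCTYPE html>\n<html><body><p>sample</p></body></html>\n");

foreach (upload_response_headers($tmp, 'avatar.png') as $line) {
    echo $line, PHP_EOL; // a real handler would call header($line), then readfile($path)
}
unlink($tmp);
```

Run with the PHP CLI; the `fileinfo` extension that provides `finfo` is enabled by default.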
