Why are MIME types needed if we can identify file types by their extensions?

iis mime

If people's computers can decide what to do with files based on their extensions (.pdf, .mp3, .docx, .dotx, etc.), why do web servers and email apps need to also specify a MIME type?

I can see this being useful if you want to deliver a file in a way that differs from the default (e.g. show a .py or .html file as plain text) or if the file extension is unregistered on the client computer, but in most cases, if I'm creating a new file format (say .foobaz) and want to enable people to share these files on the web and over email, shouldn't it be sufficient to rely on the client recognizing the file extension?


Solution 1:

Mime type clearly specifies the intended use of the file. File extensions only hint at the content. Both can be wrong. DOC has been used by a number of text editors with a variety of internal file formats.

Faking extensions is used extensively to mislead people as the the file type. This can be used to malware of various kinds. It can also lead to security bugs. If myfile.txt would be validated for security as a text file, and later by content inspection is run as an executable, you may end up with an infected machine.

Unix uses an executable bit to indicate which file can be run. Scripts can start with a bang path indicating which interpreter should execute them. The file command can be used to fairly reliably determine the file type with or without an extension.

Using extensions to identify which file use can lead to ambiguity. If I have myfile.exe, myfile.com, myfile.bat, and myfile.cmd, which runs if I run the command myfile.

Solution 2:

You are looking at it the wrong way round.

A file needs a mimetype so a client knows how to handle the file.

Your question should the other way round too:

Why do we need file extensions if we can identify file types by the mime type?

To which the answer is probably to make is easier for humans to identify what type a file is by looking at the name. There may be other reasons on Windows.

Solution 3:

That only happens in the windows world in the unix world files do not have to have an extension they are identified by mime type.

Related

Can a non-VLAN-aware switch pass 802.1q tagged packets?
How is packet collision avoided in full duplex mode?
Is there a quick way to create a Windows shortcut to a file without it validating the path?
Changed value in Registry
Server Room Temperature Control - Does anyone have a similar setup?
Under what circumstances is it a good idea to re-index tables every night?
Certain SQL queries performing very poorly in ESXI hosted environment
LVM is reporting I/O errors, but the disk reports no problems. Argh
Mount NTFS (read/write capability) on Ubuntu
phpBB: How to handle spammy registrations?
Are you Familiar with the Microsoft 'Internal Use' License? [duplicate]
Can I use IPv6 today?