4.1 Security Considerations for Implementers
The .msg File Format provides some mechanisms for ensuring that clients read the correct number of bytes from constituent streams.
In the case of multiple-valued variable length properties, the length streamĀ contains the lengths of each value. Clients can compare the lengths obtained from there with the actual length of the value streams. If they are not in sync, it can be assumed that there is data corruption.
In case of the strings, streamĀ entries are stored prefixed with their lengths; and if any inconsistency is detected, clients can assume that there is data corruption.
However, there are certain inherent security concerns with .msg files:
Possible modification of properties, especially security-related flags.
The .msg File Format does not provide for any encryption.