4.1 Security Considerations for Implementers

The .msg File Format provides some mechanisms for ensuring that clients read the correct number of bytes from constituent streams.

  • In the case of multiple-valued variable length properties, the length streamĀ  contains the lengths of each value. Clients can compare the lengths obtained from there with the actual length of the value streams. If they are not in sync, it can be assumed that there is data corruption.

  • In case of the strings, streamĀ  entries are stored prefixed with their lengths; and if any inconsistency is detected, clients can assume that there is data corruption.

However, there are certain inherent security concerns with .msg files:

  • Possible modification of properties, especially security-related flags.

  • The .msg File Format does not provide for any encryption.