Rick Faircloth wrote:
> This issue just sounds like it could be addressed
> by placing limitations on what type of files are acceptable
> in the upload. Such as with cffile... I don't really know.

But the point is that <cffile...> would happily accept anything right now. ColdFusion does not care and is *NOT* limiting you here. Your BROWSER is limiting you.

Adobe could put all the limits we want! But until the makers of Internet Explorer and Firefox and Opera and all the others get together and decide to go against the recommendations created by the HTTP and HTML standards, or these standards are changed, it will not do any good at all.

And how would Adobe fixing <cffile...> to be secure protect users from unscrupulous programmers using ASP, .NET, PHP, PERL, CGI, JAVA, C++ and anything else that could be used to program a page? Especially since the security hole we are talking about does not even require an Application processor. I could hand code a file stealing form in Notepad and save it to a server and then manually collect all the files from the Web Server if this were allowed.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311758