I have a situation where is a user is creating subdirectories in a directory
that I know. He's also uploading files via FTP. I know the name of the root
directory, but don't necessarily know the name of the subdirectories and
files.
Is there any way I can put an application.cfc in the root
session scope, but rather
would be a separate list of user names and passwords you could
administer to control how could access that directory.
~Brad
Original Message
Subject: application.cfc for security
From: Robert Harrison rob...@austin-williams.com
Date: Fri, October 09, 2009 1
first of all, users should not be able to upload files below the web root.
that is a dangerous thing to offer to them.
What are you defining as right credentials? If a user can create
directories and upload files using some ftp client then there are a number
of things you can do to make sure each
: application.cfc for security
Not if the files being uploaded are things like images, or text files.
Requests for those file types aren't routed through ColdFusion. Instead
the webserver hands the files directly back to the user.
Options:
1) Store the files outside of the webroot and only allow
, October 09, 2009 2:45 PM
To: cf-talk
Subject: RE: application.cfc for security
Not if the files being uploaded are things like images, or text files.
Requests for those file types aren't routed through ColdFusion. Instead
the webserver hands the files directly back to the user.
Options:
1
5 matches
Mail list logo