Note that "immediately" deleting a file is not 100% safe. You want to ensure you upload the file into a folder that is NOT web accessible. I've been hacked before by someone who simply used a network tool to send a huge number of requests in at one time. Even though I was immediately deleting the file their hack script worked fast enough.
On Sat, Jul 9, 2011 at 11:12 PM, Maureen <[email protected]> wrote: > > Are you using CFFile to upload the files? If so, it returns a > variable CFFILE.ServerFileExt > > Check that variable to see if matches one of the allowed extensions. > If not, immediately delete the file, and present whatever error > message you wish to show. > > Something like this (note syntax not correct - just pseudocode) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:5359 Subscription: http://www.houseoffusion.com/groups/cf-newbie/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-newbie/unsubscribe.cfm
