-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Would a cflock with a timeout value around the cffile tag > abort the upload > if it was taking longer than the timeout value seconds? > > Wrap this in a try/catch statement and tell the user the > file they were > attempting to upload was to too big. > > Would that work? Nope... The timeout value in CFLOCK is the timeout while waiting for the lock to be granted. Once the lock is granted (IE once the code within the lock starts running), all bets are off, and it can stay locked until RequestTimeOut. Setting a reasonable RequestTimeOut value is probably your best bet to prevent a DoS here. Unfortunately, that doesn't stop malicious users from specifying their own value (I *hate* the way Allaire set that up...) Best regards, Zac Bedell -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> Comment: Please use PGP! iQA/AwUBOlyRJ6vhLS1aWPxeEQJKKgCeO8DFZwwgy08+H5XH3NGnBNl0JuYAoII/ 8dmjZstM2aYpX1VURnlIhf2O =+fgo -----END PGP SIGNATURE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
