> However, you should only put files in a web-accessible directory if you
> intend for people to be able to fetch or run them directly within their
> browser by entering the appropriate URL. If you have files that aren't
> intended to be used that way, they shouldn't be in a web-accessible
> directory. If your shared host can't provide the minimal functionality
> required to segregate web content from non-web content, you should find
> another shared host.
I simply prefix any file that shouldn't be run directly with dsp_ or act_ or
similar, and add
<cfif reFind("/..._", cgi.script_name)>
<cflocation url="">
</cfif>
to application.cfm . Tell me why that's less secure.
Matthew Walker
Electric Sheep Web
http://www.electricsheep.co.nz/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
