Well...that's the user's problem...why not risk multiple files
with uploading if they're going to risk one?

I see your point about the greater risk, but that's where the user
needs to be cautious.  I can't see not creating a function for uploading
an entire directory, which would be very useful, just to reduce security
risk...especially since only the user can be held responsible.

Besides, the same thing can accomplished with much more difficulty
using FTP to provide local access to the directory...

I don't get it...is Macromedia just trying to protect itself by not
providing
this functionality?  Trying to protect users?

Rick


-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 09, 2005 7:35 PM
To: CF-Talk
Subject: RE: How to Browse and Choose Directory...


> But what if, like with file uploads, the user were designating
> a folder of files? What's the security difference?

For one thing, a user might not know about all the files within a directory,
so they could potentially be manipulated into uploading sensitive files. But
in any case, it doesn't matter, since you can't specify a directory to
upload from within an HTML form.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:198110
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to