You control what the users are allowed to see with CFDirectory, so I don't see much of
a risk there.
CFFILE opens your server up to allowing people to upload files. That, in itself,
isn't necessarily a security risk. The CFFILE tag could be used by malicious users
for things like uploading files continuously until your hard drive is full and
uploading viruses. You would therefore probably want to set up a drive separate from
your operating system to handle web sites that use CFFILE. Also, you want to have a
good virus scanner.
That's my 2 cents worth.
(by the way, these two tags could be used maliciously by other CF Developers on the
same box, so if you're an ISP, that's something to consider, but otherwise, don't
worry about it)
--------------------------------------------------------------
Mark Warrick
Phone: (714) 547-5386
Efax.com Fax: (801) 730-7289
Personal Email: [EMAIL PROTECTED]
Personal URL: http://www.warrick.net
Business Email: [EMAIL PROTECTED]
Business URL: http://www.fusioneers.com
ICQ: 346566
--------------------------------------------------------------
> -----Original Message-----
> From: Birgit Pauli-Haack [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 11, 2000 9:06 AM
> To: cf-talk
> Subject: security upload/download files
>
>
> Dear fellows:-))
>
> I would need information security-wise about the dos and don'ts
> with having
> users upload/download files to the server.
> I would know how to use CFFILE and CFDIRECTORY
>
> The server is IIS4 running CF 4.01, database is Access97.
>
> This is my first application in CF and I am not very familiar
> with web server
> security. So I am not able to ask specific questions, sorry.
>
>
> Best regards,
> Birgit
>
> ICQ: 55825488
>
>
> ------------------------------------------------------------------
> ------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf
> _talk or send a message to [EMAIL PROTECTED] with
> 'unsubscribe' in the body.
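
The disk-filling risk raised in the reply can be bounded in the upload template itself. The following is an added example, not code from either poster: the drive path, the limits, the allow-list and the form field name userFile are assumptions, and it assumes upload results are exposed under the CFFILE prefix as in later ColdFusion releases.

```cfml
<!--- Added example, not from the thread. Path, limits, allow-list and the
      form field name "userFile" are assumptions. --->
<cfset uploadDir    = "E:\uploads\">        <!--- assumed dedicated, non-OS drive --->
<cfset maxFileBytes = 2 * 1024 * 1024>      <!--- per-file cap: 2 MB --->
<cfset maxDirBytes  = 500 * 1024 * 1024>    <!--- total budget for the upload area --->
<cfset allowedExt   = "gif,jpg,pdf">        <!--- extension allow-list --->

<!--- Sum what is already stored so repeated uploads cannot fill the drive. --->
<cfdirectory action="list" directory="#uploadDir#" name="stored">
<cfset usedBytes = 0>
<cfloop query="stored">
  <cfif stored.Type IS "File">
    <cfset usedBytes = usedBytes + stored.Size>
  </cfif>
</cfloop>

<!--- Early rejection on the declared request size (includes form overhead,
      so it errs on the strict side). --->
<cfif Val(CGI.CONTENT_LENGTH) GT maxFileBytes
      OR usedBytes + Val(CGI.CONTENT_LENGTH) GT maxDirBytes>
  <cfabort showerror="Upload rejected: size limit reached.">
</cfif>

<cffile action="upload" filefield="userFile" destination="#uploadDir#"
        nameconflict="makeunique">

<!--- Re-check what actually landed on disk and delete anything that fails. --->
<cfset savedPath = CFFILE.ServerDirectory & "\" & CFFILE.ServerFile>
<cfif CFFILE.FileSize GT maxFileBytes
      OR usedBytes + CFFILE.FileSize GT maxDirBytes
      OR NOT ListFindNoCase(allowedExt, CFFILE.ServerFileExt)>
  <cffile action="delete" file="#savedPath#">
  <cfabort showerror="Upload rejected.">
</cfif>
```

The virus scanner mentioned in the reply should cover the same directory, so that files which pass these checks are still scanned once they are written.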