The main problem with this is that people can nail your server by uploading huge files that you have to upload before you can ttest to see if you can delete them. I've seen people complain that their 20M ..xls file isn't uploading as though I should support them doing such a thing.
Good luck! On 7/21/05, Matt Robertson <[EMAIL PROTECTED]> wrote: > In addition to what Deanna said, why not specify the file types you > will allow using CFFILE's ACCEPT parameter? The two for Excel are > application/vnd.ms-excel and application/msexcel. > > However CFFILE determines MIME type via the file extension, which > isn't exactly hackproof. If you allow file renaming after upload some > clown can upload any file type as an allowed file type, then rename it > as part of some nefarious scheme. No idea how to fix that... > > -- > --mattRobertson-- > Janitor, MSB Web Systems > mysecretbase.com > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212478 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
