I see your point...but what about the fact that it's behind a secured area, with only certain people who have access, and only certain programmers (me, in this case) who have access to the code?
If my client and I both agreed to take the risk, why shouldn't we be able to choose to?

My point is, in this case, the hacker couldn't access the file field, so there would be no vulnerability...unless, of course, he hacked into the secured area, which is possible, but still a risk I think should be left in the hands of clients and programmers to take or not.

Am I missing something in this issue?

Rick

-----Original Message-----
From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 24, 2006 1:26 PM
To: CF-Talk
Subject: RE: Any reason why a file field can be submitted back to the page it's on?

Seems to me the choice to take the risk should be mine...
Rick

But the risk isn't to you the programmer. This is not a security hole for some hacker to get into a website. It would be a hole for a hacker to use a website to get to a client's computer data.

If the option existed, I could create a form that would upload any file I wanted from any visitor to my site as long as I could guess a path to it. With a JavaScript submit, I could even do it without any interaction on the user's end.

If it was an option for the programmer, there are many programmers that would use it for bad things.

--------------
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA

