If my client and I both agreed to take the risk, why shouldn't we be able to choose to?
My point is, in this case, the hacker couldn't access the file field, so there would be no vulnerability... unless, of course, he hacked into the secured area, which is possible, but still a risk I think should be left in the hands of clients and programmers to take or not. Am I missing something in this issue?

Rick

Yes, you are missing the point that the hacker is not attacking you. YOU ARE THE HACKER! This is not to protect you and your system from anything. It is to prevent you, or anybody else, from tricking poor dumb web users by creating pages to steal their data whenever they visit your site.

Just because you would be a responsible programmer and use it only in good ways does not prevent any other programmer out there from using it to steal any data they can get their hands on.

If one could provide a value to a file upload field, one could create a webpage that steals the registry or any other file of interest just by having people visit my website. Then I just need to put it into some popular website or somehow get lots of people to visit and yeehaw, I have lots of stolen data.

--------------
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA

"C code. C code run. Run code run. Please!"
- Cynthia Dunning

