So, enabling the kind of functionality I'm proposing would mean
providing complete open access to all files on a site visitor's system?

If that's the case, then I understand why the W3C wrote it out of the
specs.

However, since JavaScript and ActiveX have been suggested as
alternatives to accomplish my programming goals, how can JavaScript
or ActiveX accomplish this without creating the vulnerability?
(Although I haven't used it in programming, I know ActiveX has a
reputation for creating vulnerabilities, and I guess JavaScript, too.)

Rick

-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 25, 2006 5:01 AM
To: CF-Talk
Subject: Re: Any reason why a file field can be submitted back to the
page it's on?


Rick Faircloth wrote:
>> any malicious programmer could exploit it in their own web pages
>
> You mean that a malicious programmer could be hired by someone
> to code web pages for them and then take advantage of the person
> hiring them.  Am I understanding?

No.


> But, like I said in another post...I'm sure I don't understand all the
> security issues surrounding the decision, so I won't pass final judgment
> on the W3C without better understanding...

Let's say I rip out this security from Firefox and compile a
Firefox version specially for you. You start using it. Everybody
starts using it. You visit one of my websites and through some
slick, hidden HTML I decide that you should upload your FileZilla
profile to my website. Your browser, without this security,
uploads the asked file to me. I now have a copy of all your FTP
passwords.

Jochem


