> I guess it wouldn't be possible to allow the functionality > only when a user is uploading files from their own system and > not from an external source?
It doesn't matter where the files come from. If I'm using a browser, I don't want it to be able to arbitrarily upload ANY file without my explicit instructions. > Or is that what the proposed Javascript and Active X alternatives > do? There aren't any JavaScript alternatives here; JavaScript has, by default, the same security limitations as anything else that runs as part of the browser. Java and ActiveX programs, on the other hand, can bypass these limitations because they are separate programs. By default, Java programs run in their own security sandbox - the limitations imposed by the virtual machine - to prevent these sorts of problems as well, but ActiveX programs can do anything that the user's permissions would allow. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:241462 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
