Hi Rick,

Use PHP as this can definitely determine mime type as well as file
extension.

See the following:

http://php.about.com/od/advancedphp/ss/php_file_upload_5.htm

I don't limit myself to CFM, PHP or any other language.  Often PHP is a
great complement to CFM code ... and of course you can submit form.cfm to
upload.php and then redirect back to form.cfm

Cheers,
Martyn





-----Original Message-----
From: Rick Faircloth [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 26, 2006 1:18 AM
To: CF-Talk
Subject: RE: Mime Type for File Upload

>if someone wants to upload an .exe file all they have to do is give it 
>a .pdf extension.  Plan your security for that as best you can.

What type of security can prevent that?  What can truly determine what type
of file a file is except by extension?

Rick




-----Original Message-----
From: Matt Robertson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 24, 2006 8:33 PM
To: CF-Talk
Subject: Re: Mime Type for File Upload

Bear in mind that cffile simply matches the mime type to its allowed
extension... so if someone wants to upload an .exe file all they have to do
is give it a .pdf extension.  Plan your security for that as best you can.
For example don't allow file renaming!
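
Added example (not part of the original thread or any poster's code): a PHP upload check that answers the question above by reading the type from the file's bytes with the fileinfo extension, and that assigns the stored name and extension on the server so a renamed .exe never keeps its claimed .pdf name. The allowlist, function names and sample byte strings are assumptions constructed for illustration.

```php
<?php
// Added example; allowlist, function names and samples are assumptions.
// Content types accepted, mapped to the extension the server assigns.
const ALLOWED_TYPES = [
    'application/pdf' => 'pdf',
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
];

// Judge a file by its bytes only. Returns a server-generated storage
// name, or null when the detected type is not on the allowlist.
function classify_upload(string $bytes): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);   // requires ext/fileinfo
    $mime  = $finfo->buffer($bytes);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }
    // The client's file name and extension are never reused.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Handle one entry of $_FILES. $file['type'] and $file['name'] come from
// the browser and are deliberately ignored.
function handle_upload(array $file, string $destDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $head = file_get_contents($file['tmp_name'], false, null, 0, 8192);
    if ($head === false || ($name = classify_upload($head)) === null) {
        return null;
    }
    $dest = rtrim($destDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}

// Constructed samples, run from the command line: an executable header
// (as in an .exe renamed to .pdf) and a minimal PDF header.
if (PHP_SAPI === 'cli') {
    $samples = [
        'renamed.pdf' => "MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xFF\xFF\x00\x00",
        'real.pdf'    => "%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    ];
    foreach ($samples as $label => $bytes) {
        $name = classify_upload($bytes);
        echo $label, ' => ', $name === null ? 'rejected' : "stored as $name", PHP_EOL;
    }
}
```

Signature detection identifies the container format only; it says nothing about whether a well-formed PDF or image carries hostile content.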







Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:257977