Andy Chen wrote: > Now the reason that I heard is that it was disabled in the first place is > that the FCKEditor file manager isn't too good (which I can agree) and there > is a potential security problem which can happen if you do this... what is > the security problem? Besides seeing a bit of the directory structure of the > site and overwriting image files that other people may have placed, I can't > see what other security issue that might be present. > Well, one thing you can do is to simply disallow folder creation and/or file upload from within FCKEditor instances.
Allowing access to an existing file system isn't as big an issue, I'd think, than allowing someone to modify it. And yeah, the file browser could be better, but it's still not half-bad considering it's all HTML and Javascript. A Java applet has much greater "ooh shiny" potential here, naturally. --Scott ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Enterprise web applications, build robust, secure scalable apps today - Try it now ColdFusion Today ColdFusion 8 beta - Build next generation apps Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:288432 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
