That's a clever idea but I would preferably like to give users "delete" permission on that directory, in which case someone could just delete the application.cfm file.
On Thu, Aug 20, 2009 at 11:40 AM, Agha Mehdi <aghaime...@gmail.com> wrote: > > You can add application.cfm or Application.cfc to the folder and <cfabort> > any request. that will ensure that no cfm file is executed > > On Thu, Aug 20, 2009 at 11:21 AM, Philip Kaplan <pkap...@gmail.com> wrote: > > > > > I'm allowing people to FTP-upload into one of my web server directories, > > but > > I don't want them to be able to upload and run cfm (or asp, etc) scripts. > > > > I right-clicked on the directory in IIS and changed "execute permissions" > > to > > "none," but it seems the cfm files in that directory are still running. > > > > Here's an example: > > http://hitmelater.com/affiliate/index.cfm > > > > Any ideas? > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325571 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
