There are multiple ways you can do it depending on your setup. 1. Have your ftp folder below the web root 2. Add cfabort to a directory above the ftp folder in the web root so that it stops any processing on any sub folders. 3. uncheck all options (Read, Write etc) under Directory for that folder and set the execute permission to None
On Thu, Aug 20, 2009 at 11:47 AM, Philip Kaplan <pkap...@gmail.com> wrote: > > That's a clever idea but I would preferably like to give users "delete" > permission on that directory, in which case someone could just delete the > application.cfm file. > > On Thu, Aug 20, 2009 at 11:40 AM, Agha Mehdi <aghaime...@gmail.com> wrote: > > > > > You can add application.cfm or Application.cfc to the folder and > <cfabort> > > any request. that will ensure that no cfm file is executed > > > > On Thu, Aug 20, 2009 at 11:21 AM, Philip Kaplan <pkap...@gmail.com> > wrote: > > > > > > > > I'm allowing people to FTP-upload into one of my web server > directories, > > > but > > > I don't want them to be able to upload and run cfm (or asp, etc) > scripts. > > > > > > I right-clicked on the directory in IIS and changed "execute > permissions" > > > to > > > "none," but it seems the cfm files in that directory are still running. > > > > > > Here's an example: > > > http://hitmelater.com/affiliate/index.cfm > > > > > > Any ideas? > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325574 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
