Just a word of warning - PUT will in fact place a file on the webserver if 1) WRITE access is enabled in IIS for the folder and 2) The account used (IUSR_MACHINENAME for anonymous is default) has NTFS permissions to write to the folder. No coding necessary - just add the PUT header, a filename, and some content. I haven't tried with delete, but I assume it's the same way.
>> But I see many other types of requests >> ( http://www.askapache.com/online-tools/request-method-scanner/ ) >> including MOVE, COPY or DELETE! > >These are used by WebDAV. If your server isn't configured to support >WebDAV, it should ignore those HTTP verbs. > >> My question: is: it safe to allow only GET and POST? > >Yes, if you're not using WebDAV. > >> What is the best practice in CF? > >I don't know if there really is one. CF will, by default, respond to >any HTTP request made to a CF URL, but it won't actually handle PUT or >DELETE unless you explicitly write code to make it do so. You can >typically configure CF to only support specific HTTP request verbs at >the web server. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ > >Fig Leaf Software provides the highest caliber vendor-authorized >instruction at our training centers in Washington DC, Atlanta, >Chicago, Baltimore, Northern Virginia, or on-site at your location. >Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:326646 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4