Yeah, not being able to disable "execute" permissions would be annoying, but I think the other protections should still cover the possibilities pretty well. Nonetheless, that probably does deserve a note in the docs (including "we would recommend finding another host").
Just to clarify, I do think the temporary directory for processing file uploads during validation should be outside the web root. I am confident I can accomplish that without impact to the user of the framework. Thanks, Steve ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340458 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
