When I released my Neptune framework a few weeks ago, you guys were kind enough to give me some constructive feedback on file upload security. I have made some changes in response to that feedback and I would love to find out what everyone thinks about them.
* Added a file.cfm to serve up uploaded files securely (using CFCONTENT) * Changed a default setting so that files are served up by file.cfm by default (I may change this back, however). * Added a page about file uploads in the documentation. http://www.bryantwebconsulting.com/docs/neptune/file-uploads.cfm * Added notes to the installation page recommending storing files outside of the web root. http://www.bryantwebconsulting.com/docs/neptune/installation.cfm Full blog entry: http://www.bryantwebconsulting.com/blog/index.cfm/2011/1/18/Neptune-Beta-15 Any and all feedback is welcome and appreciated. Thanks, Steve ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340970 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
