>>I agree to both Steven and Azadi's solution. Of course I know this solution. I thought I had a simpler one.
>>Someone can rename a CFM file to a PDF file and upload it. Now that CFM code can be executed on the server. No way. Even if the pseudo pdf file actually contains CFML code, it cannot be executed. At best, the file will be sent as a pdf file by CFCONTENT then application.cfm CFABORTs Furthermore, only the customer, who has paid for his system, is able to upload files. I doubt he ever attemps to sabotage his own system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345541 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm