If you're only dealing with images and are stopping all other file types
being uploaded, then what is the issue with allowing them to be uploaded to
the website?
The only scenario where I can think of this being an issue is if someone
renamed a CFM file to .JPG, uploaded it and then renamed it back to .cfm so
they could run it.
But unless they have some other form of access then they wouldn't be able
to rename the file.



On Sun, Jun 16, 2013 at 3:37 PM, Dave Watts <[email protected]> wrote:

>
> I think this got bounced, so I'll try again.
>
> On Sat, Jun 15, 2013 at 1:41 PM, Dave Watts <[email protected]> wrote:
> >> Would you consider the CF temp directory to be safe?
> >
> > I think it would be safe as long as there's only a single web
> > application being run by CF. Otherwise, I'd have to think about it
> > more carefully - I suppose there might be a possibility that someone
> > could use the temp directory to get something from one application
> > into another, although the conditions for doing so would presumably be
> > quite specific.
> >
> >> Some hosting companies have the webroot folder one below the top of the
> >> client's user space so an upload folder can be created alongside the
> >> webroot folder but if that cannot be done then the folder has to be
> >> elsewhere...
> >
> > If the hosting company doesn't provide a place to store things that
> > you don't want mapped to the web server, I would want to switch to a
> > different host.
>
> --
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
>
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.
>
> 
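An added example, not code from the thread or from any poster, written in Python rather than CFML so it runs stand-alone: an upload handler that refuses a storage directory mapped under the webroot, checks the file's leading bytes instead of trusting the ".JPG" in the client's name, and stores the file under a server-generated name. The function names, directory layout and sample bytes are assumptions made for the illustration.

```python
import tempfile
import uuid
from pathlib import Path

# Leading bytes ("magic numbers") of the image formats this sketch accepts.
SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

class UploadRejected(Exception):
    """Raised when an upload must not be stored."""

def sniff_extension(data: bytes):
    """Return the extension implied by the content, or None if not an image."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None

def store_upload(data: bytes, client_name: str, upload_dir: Path, webroot: Path) -> Path:
    upload_dir, webroot = upload_dir.resolve(), webroot.resolve()
    # The storage directory must not be reachable through the web server mapping.
    if upload_dir == webroot or webroot in upload_dir.parents:
        raise UploadRejected("upload directory is inside the webroot")
    ext = sniff_extension(data)
    if ext is None:
        raise UploadRejected(f"{client_name!r} does not contain image data")
    # The client's name and extension are never used for the stored file.
    # A signature match is only a filter (it reads the first bytes), so the
    # non-web-mapped location is what keeps the file from being run.
    dest = upload_dir / (uuid.uuid4().hex + ext)
    dest.write_bytes(data)
    return dest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:      # constructed layout
        webroot, uploads = Path(tmp, "wwwroot"), Path(tmp, "uploads")
        webroot.mkdir()
        uploads.mkdir()
        renamed_cfm = b"<cfoutput>#now()#</cfoutput>"   # constructed sample
        real_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed sample
        print(store_upload(real_jpeg, "holiday.JPG", uploads, webroot).name)
        try:
            store_upload(renamed_cfm, "photo.JPG", uploads, webroot)
        except UploadRejected as err:
            print("rejected:", err)
```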

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355945