You are describing the "proper" way to do it, Terry. Just keep in mind that
before anything happens that writes a file to "c:\uploads" the file is first
collected and stored in the CF temp directory. CF is gathering the HTTP post
data together there and will assemble ("write" your binary file) to the
uploads directory after the whole file comes in. So even though you are
storing in A then moving to B - you are actually storing in A, moving to B,
then moving to C :)

Here's a post about a clever hack using file upload that exploits the upload
of files to the web root. 

http://www.coldfusionmuse.com/index.cfm/2009/9/18/script.insertion.attack.vector

Mark Kruger - CFG
CF Webtools
www.cfwebtools.com
www.coldfusionmuse.com
O: 402.932.3318
E: [email protected]
Skype: markakruger


-----Original Message-----
From: [email protected] [email protected] [mailto:[email protected]] 
Sent: Sunday, June 16, 2013 6:30 PM
To: cf-talk
Subject: Re: Safety for image uploads


>If you upload the file to something out of web root then you should be
>safe. Never upload to webroot. Ever.

Thank you Raymond and the others.

Now let's say the root is c:\inetpub\wwwroot\domainname
and I use cffile to upload the jpg only file to c:\uploads
use my cfimage to resize it, convert it to a png and save it to:
c:\inetpub\wwwroot\domainname\slideshow\, then add the image to my
cf code that runs the slideshow.
Do you see anything I have missed?

Terry 
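
The workflow discussed in this thread (receive outside the web root, re-encode, publish only the re-encoded PNG), sketched as an added example in CFML tag syntax; it is not code from the thread or its participants. The two directories are the ones named above; the form field name `photo`, the 800x600 bounds and the `uploads` log name are assumptions.

```cfml
<!--- Added example. Paths come from the thread; "photo", 800x600 and the
      "uploads" log name are assumptions. --->
<cfset uploadDir = "c:\uploads">
<cfset publicDir = "c:\inetpub\wwwroot\domainname\slideshow">

<cftry>
    <!--- 1. Receive into the directory outside the web root. accept only checks
          the MIME type supplied with the request, so it is a first filter. --->
    <cffile action="upload"
            filefield="photo"
            destination="#uploadDir#"
            accept="image/jpeg,image/pjpeg"
            nameconflict="makeunique"
            result="up">

    <cfset staged = up.serverDirectory & "\" & up.serverFile>

    <!--- 2. Check the stored extension and confirm the content decodes as an image. --->
    <cfif NOT listFindNoCase("jpg,jpeg", up.serverFileExt) OR NOT isImageFile(staged)>
        <cfthrow type="upload.rejected" message="Not a JPEG image">
    </cfif>

    <!--- 3. Re-encode. Only decoded pixel data reaches the web root, under a
          server-generated name with a fixed .png extension. --->
    <cfset publicName = createUUID() & ".png">
    <cfimage action="read" source="#staged#" name="img">
    <cfset imageScaleToFit(img, 800, 600)>
    <cfimage action="write" source="#img#"
             destination="#publicDir#\#publicName#" overwrite="false">

    <cfcatch type="any">
        <!--- Nothing is published on any failure; record why. --->
        <cfset publicName = "">
        <cflog file="uploads" type="warning" text="Upload rejected: #cfcatch.message#">
    </cfcatch>
    <cffinally>
        <!--- 4. Remove the original upload whether or not it was accepted. --->
        <cfif isDefined("staged") AND fileExists(staged)>
            <cffile action="delete" file="#staged#">
        </cfif>
    </cffinally>
</cftry>
```

The client-supplied file name is never used for the published file, and the original bytes never enter the web root.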



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355952