I have an application which allows clients to upload various files which
can later me accessed via the web. My concern is that if the uploaded file
has a .cfm extension, when it is reviewed post upload, it could actually
execute malicious code on the server. I guess the same would hole true with
a .exe file (except that execute privileges are disabled).
I need to allow a wide range of acceptable upload types, so I can't
restrict it at the upload stage. What would be the best way to allow some
one to access these files post upload while not posing a security threat?
How would I enable a download of a .cfm file or a .js or whatever without
having it execute on the server as opposed to promoting for a download?
Brook Davies
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
