If you're using IIS then save the file to a folder that does not allow any
execution or scripting.
HTH,
Howie Hamlin - inFusion Project Manager
On-Line Data Solutions, Inc.
www.CoolFusion.com
631-737-4668 x101
inFusion Mail Server (iMS) - the World's most configurable mail server
----- Original Message -----
From: "Brook Davies" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, April 22, 2001 5:11 PM
Subject: uploaded files
> I have an application which allows clients to upload various files which
> can later me accessed via the web. My concern is that if the uploaded file
> has a .cfm extension, when it is reviewed post upload, it could actually
> execute malicious code on the server. I guess the same would hole true
with
> a .exe file (except that execute privileges are disabled).
>
> I need to allow a wide range of acceptable upload types, so I can't
> restrict it at the upload stage. What would be the best way to allow some
> one to access these files post upload while not posing a security threat?
>
> How would I enable a download of a .cfm file or a .js or whatever without
> having it execute on the server as opposed to promoting for a download?
>
> Brook Davies
>
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
