The directory that the files are saved to is dynamically generated. Can I
set this attribute with cfdirectory when I create the directory. Or would
the sub dir inherent its parents settings?
At 05:17 PM 22/04/01 -0400, you wrote:
>If you're using IIS then save the file to a folder that does not allow any
>execution or scripting.
>
>HTH,
>
>Howie Hamlin - inFusion Project Manager
>On-Line Data Solutions, Inc.
>www.CoolFusion.com
>631-737-4668 x101
>inFusion Mail Server (iMS) - the World's most configurable mail server
>
>----- Original Message -----
>From: "Brook Davies" <[EMAIL PROTECTED]>
>To: "CF-Talk" <[EMAIL PROTECTED]>
>Sent: Sunday, April 22, 2001 5:11 PM
>Subject: uploaded files
>
>
> > I have an application which allows clients to upload various files which
> > can later me accessed via the web. My concern is that if the uploaded file
> > has a .cfm extension, when it is reviewed post upload, it could actually
> > execute malicious code on the server. I guess the same would hole true
>with
> > a .exe file (except that execute privileges are disabled).
> >
> > I need to allow a wide range of acceptable upload types, so I can't
> > restrict it at the upload stage. What would be the best way to allow some
> > one to access these files post upload while not posing a security threat?
> >
> > How would I enable a download of a .cfm file or a .js or whatever without
> > having it execute on the server as opposed to promoting for a download?
> >
> > Brook Davies
> >
> >
> >
> >
> >
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
