>Or would
>the sub dir inherent its parents settings?
providing all the files go into sub-directories of the physical directory
set as the root of your virtual directory, yes (oh, assuming none of these
sub-dirs are used as the physical root of some other virtual directory)
Mark
>At 05:17 PM 22/04/01 -0400, you wrote:
> >If you're using IIS then save the file to a folder that does not allow any
> >execution or scripting.
> >
> >HTH,
> >
> >Howie Hamlin - inFusion Project Manager
> >On-Line Data Solutions, Inc.
> >www.CoolFusion.com
> >631-737-4668 x101
> >inFusion Mail Server (iMS) - the World's most configurable mail server
> >
> >----- Original Message -----
> >From: "Brook Davies" <[EMAIL PROTECTED]>
> >To: "CF-Talk" <[EMAIL PROTECTED]>
> >Sent: Sunday, April 22, 2001 5:11 PM
> >Subject: uploaded files
> >
> >
> > > I have an application which allows clients to upload various files which
> > > can later me accessed via the web. My concern is that if the uploaded
> file
> > > has a .cfm extension, when it is reviewed post upload, it could actually
> > > execute malicious code on the server. I guess the same would hole true
> >with
> > > a .exe file (except that execute privileges are disabled).
> > >
> > > I need to allow a wide range of acceptable upload types, so I can't
> > > restrict it at the upload stage. What would be the best way to allow some
> > > one to access these files post upload while not posing a security threat?
> > >
> > > How would I enable a download of a .cfm file or a .js or whatever without
> > > having it execute on the server as opposed to promoting for a download?
> > >
> > > Brook Davies
> > >
> > >
> > >
> > >
> > >
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
