I'm allowing people to FTP-upload into one of my web server directories, but
I don't want them to be able to upload and run cfm (or asp, etc) scripts.
I right-clicked on the directory in IIS and changed execute permissions to
none, but it seems the cfm files in that directory are still running.
You can add application.cfm or Application.cfc to the folder and cfabort
any request. that will ensure that no cfm file is executed
On Thu, Aug 20, 2009 at 11:21 AM, Philip Kaplan pkap...@gmail.com wrote:
I'm allowing people to FTP-upload into one of my web server directories,
but
I don't
That's a clever idea but I would preferably like to give users delete
permission on that directory, in which case someone could just delete the
application.cfm file.
On Thu, Aug 20, 2009 at 11:40 AM, Agha Mehdi aghaime...@gmail.com wrote:
You can add application.cfm or Application.cfc to the
Phil-
Your FTP folder should be below your web root - I believe anything in the
web path will be served via the browser. I don't think you can turn off
processing for a directory in the web path. If you are using the content of
the FTP as web content, you can use an upload function through
ssl...@rubbergumball.net wrote:
Phil-
Your FTP folder should be below your web root -
I beleive that quote should be above or outside or possible not be
below.
I.E. Yes, your FTP folder should have NO relation to your web root
folder. Only after you have scrutinized ANYTHING uploaded
There are multiple ways you can do it depending on your setup.
1. Have your ftp folder below the web root
2. Add cfabort to a directory above the ftp folder in the web root so that
it stops any processing on any sub folders.
3. uncheck all options (Read, Write etc) under Directory for that folder
I'm allowing people to FTP-upload into one of my web server directories, but
I don't want them to be able to upload and run cfm (or asp, etc) scripts.
I right-clicked on the directory in IIS and changed execute permissions to
none, but it seems the cfm files in that directory are still
7 matches
Mail list logo