But what if, like with file uploads, the user were designating a folder of files? What's the security difference?
Rick -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 09, 2005 7:18 PM To: CF-Talk Subject: RE: How to Browse and Choose Directory... > You know, the only reason I've heard discussed as to why > directory contents can't be uploaded en masse like single > files, is security. > > But what is the difference, except numbers of files, between > a client specifying a single file for upload vs. an entire > directory for upload? > > I don't see what the security issue is... > > And, after working through some code, I've come to conclude > that the only way to upload more than one file at a time is > to do what I've done in the past...instead of a single CFFILE > in a form, I would include 5 CFFILE's in a form and the > client could at least upload 5 files at a time, rather than one. Unfortunately, the way file uploads work via HTTP is very simple, and you have no control over it. You can use the HTML INPUT tag to generate a file upload dialog, and you have no control over that either. The only way to bypass these limitations within HTML and HTTP would be to not use HTML and HTTP. For example, some people have suggested ActiveX or Java solutions I think. Those, of course, have their own problems. As far as security goes, the key is that file uploads have to be user-controlled. If you could specify what to upload from your server, whether files or directories or whatever, that would be insecure from your users' perspective. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:198093 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
