Thanks for the explanation, Martyn...I see about implementing that security feature...
Rick -----Original Message----- From: Martyn Bowis [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 10:22 PM To: CF-Talk Subject: RE: Mime Type for File Upload Hi Rick, When the user submits their form, I would have a dropdown or hidden field specify what type of file I am expecting (eg: an image). At the end of the day, in my CMS my users are wanting to upload a particular file type (eg: image) and I am wanting to validate that they have uploaded what they have said they are uploading. So, I would evaluate the mime type and file extension and compare them to the allowed values for the specified file type they have said they are uploading. If they say they are uploading an image, but actually upload an exe file renamed with a jpg extension, then the evaluation of the mime type will catch them out. If they are allowed to upload an exe, then they should choose to upload an exe as their file type and my system will then expect an exe extension and application mime type, and therefore allow the upload to be completed. Cheers, Martyn PS: I found the following link on Google that may help with evaluating the mime type: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:48395 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:257950 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4