>if someone wants to upload an .exe file all they have >to do is give it a .pdf extension. Plan your security for that as >best you can.
What type of security can prevent that? What can truly determine what type of file a file is except by extension? Rick -----Original Message----- From: Matt Robertson [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 8:33 PM To: CF-Talk Subject: Re: Mime Type for File Upload Bear in mind that cffile simply matches the mime type to its allowed extension... so if someone wants to upload an .exe file all they have to do is give it a .pdf extension. Plan your security for that as best you can. For example don't allow file renaming! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:257975 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4