If you were worried about that, you could just give the write permissions on the destination directory only. I never give webuser permission to the whole webroot, only the directory it needs to write to.
Eric Haskins
Web System Developer

On 1/17/07, Dave Watts <[EMAIL PROTECTED]> wrote:
>
> > As a general rule, I do what Eric suggests. I run CF and
> > Apache under the same user (usually apache) and then make
> > that user the owner of my web root with perms set to 755.
> > Just a practice that I've found works for me.
>
> The users used by Apache and CF shouldn't be able to change all the contents
> of your web root (especially executable scripts). That's a big audit flag,
> in my experience (as well as being an actual vulnerability).
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:266814
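
An added example, not part of the thread: a small audit of the point the messages turn on, listing every path in a web root that the web-server account could modify apart from the directories it is meant to write to. The sample tree, its file names and the `uploads` allow-list entry are constructed, and the check reads plain mode bits only (no ACLs).

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    # POSIX applies exactly one class: owner, else group, else other.
    # Assumption: plain mode bits only (no ACLs, no root override).
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(webroot, uid, gids, allowed=()):
    """Paths under webroot the account can modify; `allowed` dirs are pruned."""
    skip = {os.path.realpath(os.path.join(webroot, a)) for a in allowed}
    findings = []
    def check(path):
        st = os.lstat(path)
        if not stat.S_ISLNK(st.st_mode) and writable_by(st, uid, gids):
            findings.append(os.path.relpath(path, webroot))
    check(webroot)
    for dirpath, dirnames, filenames in os.walk(webroot):
        dirnames[:] = [d for d in dirnames
                       if os.path.realpath(os.path.join(dirpath, d)) not in skip]
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)

def build_sample():
    """Constructed web root: scripts, an upload dir, one world-writable file."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel, mode in (("index.cfm", 0o644), ("admin/login.cfm", 0o644),
                      ("uploads/photo.jpg", 0o644), ("cache.cfm", 0o666)):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    for d in ("", "admin", "uploads"):
        os.chmod(os.path.join(root, d), 0o755)
    return root

def demo():
    root, me = build_sample(), os.getuid()
    # View 1: web user owns the tree. View 2: a different account owns it.
    return audit(root, me, set(), ["uploads"]), audit(root, me + 1, set(), ["uploads"])

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

With the web user as owner at 755, every script and directory outside `uploads` is reported; with a separate owner, only the stray world-writable file is.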