You should take the same precautions you would with any file upload. Don't 
allow uploads to web-accessible directories that allow code execution on the 
server. Better yet, don't allow uploads to web-accessible directories at all, 
so that your server can't unwittingly host client-side malware. Don't run CF 
with root credentials, so that successfully uploaded CF scripts can't do bad 
things to your system.

Dave Watts, CTO, Fig Leaf Software 

-----Original Message-----
From: Brian McCairn <brian.mcca...@medicapp.eu>
Sent: Friday, 03 July, 2009 10:38
To: cf-talk <cf-talk@houseoffusion.com>
Subject: Re: New CF8 vulnerability


What if you want to do file upload with FCKeditor?
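
The precautions in the reply at the top of this thread, written as a check (an added example, not part of the original messages or of any ColdFusion tooling): it reports an upload directory that resolves inside the web root, a server account with UID 0, and CFML templates already sitting in the upload directory. The function names, directory layout and file name are constructed for illustration.

```python
import os
import tempfile

# File extensions a ColdFusion server executes as templates or components.
CF_EXECUTABLE_EXTS = {".cfm", ".cfml", ".cfc"}


def is_inside(path, root):
    """True if path resolves (symlinks and '..' included) to root or below it."""
    real_path = os.path.realpath(path)
    real_root = os.path.realpath(root)
    try:
        return os.path.commonpath([real_path, real_root]) == real_root
    except ValueError:  # e.g. different drives on Windows
        return False


def audit_upload_setup(upload_dir, web_root, server_uid):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if is_inside(upload_dir, web_root):
        findings.append("upload directory is web-accessible")
    if server_uid == 0:
        findings.append("application server runs as root")
    for dirpath, _dirs, files in os.walk(upload_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() in CF_EXECUTABLE_EXTS:
                findings.append("executable template in uploads: " + name)
    return findings


def demo():
    """Constructed layout: one upload path that is a symlink into the web
    root, and one directory that sits outside it."""
    with tempfile.TemporaryDirectory() as base:
        web_root = os.path.join(base, "wwwroot")
        userfiles = os.path.join(web_root, "userfiles")
        outside = os.path.join(base, "uploads")
        os.makedirs(userfiles)
        os.makedirs(outside)
        linked = os.path.join(base, "uploads_link")
        os.symlink(userfiles, linked)  # looks external, resolves under wwwroot
        open(os.path.join(userfiles, "photo.cfm"), "w").close()
        bad = audit_upload_setup(linked, web_root, server_uid=0)
        good = audit_upload_setup(outside, web_root, server_uid=1001)
    return bad, good


if __name__ == "__main__":
    print(demo())
```

Comparing resolved paths matters because an upload directory can look as if it sits outside the web root while a symlink places it back inside.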



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324204