Matt, I suspect it is down to what software you have installed. If you have Excel installed, then a .csv will be linked to excel by default which is "application/vnd.ms-excel". If you have no applications installed that recognize a csv file then it will probably be " text/csv".
In order for there to be any security risk with uploaded files a hacker would need a way to execute them after uploading, so would need to leverage some other security hole in your application or server. As long as there no way to do this then you should be safe to allow "application/octet-stream". You could additionally check the file extension after upload as well. Regards -- Russ Michaels www.cfmldeveloper.com - free CFML hosting for developers my blog: http://russ.michaels.me.uk/ skype: russmichaels ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337600 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
