Andrew, The default folder for uploading files has a Application.cfm that just contains <cfabort> to help mitigate that risk. Assuming the uploads themselves limit file types allowed, how serious a risk do you think that is?
Also, yes, easy to configure. Just change the "UploadPath" setting in _config/config.cfm to whatever location you want and change the "UploadURL" appropriately. I think the UploadURL could be something like "/file.cfm?file=", but I haven't tested that yet. Thanks, Steve >You are promoting a security risk with the uploaded files folder as being >under the webroot, I hope this is configurable. > >Regards, >Andrew Scott >http://www.andyscott.id.au/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340413 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
