Andrew, I'll have to ponder that.
Right now the following XML would create a table with two file fields, one of which would accept only images and the other would accept only vcard files. <table entity="Contact"> <field name="ContactImage" Label="Image" type="image" folder="images" /> <field name="VCard" Label="vCard File" type="file" folder="vcards" accept="text/x-vcard" extensions="vcf" /> </table> This limitation would provide JavaScript checks for any forms using the built-in form tags and server-side checks for the service component checking both mime-type and file extension. It makes it really easy to limit file types. I could probably change the framework a bit so that it also has a built-in set of mime-types and file extensions to refuse unless they are explicitly allowed in those attributes. Do you think that would be enough to leave off the warning or at least make it a bit more mild? Thanks, Steve >You can never assume limiting by file types when it comes to adding files to >your webroot, through a web uploader. You might want to list in the docs the >risk of leaving it in the webroot, and that it is extremely advisable to >move the folder outside of the webroot. > >Regards, >Andrew Scott >http://www.andyscott.id.au/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340419 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm