http://www.petefreitag.com/item/701.cfm
And take special note of "Always upload to a temp directory outside of the Web Root"

Regards,
Andrew Scott
http://www.andyscott.id.au/

> -----Original Message-----
> From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
> Sent: Wednesday, 5 January 2011 9:45 AM
> To: cf-talk
> Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
>
> Andrew,
>
> You just hit me with a "You should know that" and a "Steve needs to
> understand...". I get that you have a headache, but I am not trying to fight
> you on this. I am really just trying to get a feel for the threat-level so I can
> decide on the appropriate action(s) to take.
>
> It sounds like (and correct me if I am wrong here) a warning is not currently
> needed to recommend storing files outside of the web root but some note
> advising about the implications could be helpful.
>
> I should probably have a page on the topic that covers security implications of
> changes of the kind discussed here as well as some comments in
> Application.cfm to the effect of "Hey! Don't delete me unless you want to
> take some heavy risks!".
>
> David,
>
> I didn't take it as you knocking me. I thought it was a good point and yet
> another reason that I need to verify that you can configure to use a .cfm file
> as part of the URL path for uploaded files.
>
> Thanks,
>
> Steve

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340439