Not to mention that if there is any hosting provider that doesn't allow for this, then they should be avoided at all costs.
It would be within their best interests to stop all exploits, so if they have a customer that does file uploads and that customer can't have a folder not accessible from the web, then not only is the customer at risk, but all other shares/customers and not to mention the hosting provider is at serious risk. Any decent hosting provider does set this up, for this exact reason. So I really don't see that as an argument for not being able to move the temp directory away from the URL. Regards, Andrew Scott http://www.andyscott.id.au/ > -----Original Message----- > From: Mark A. Kruger [mailto:mkru...@cfwebtools.com] > Sent: Wednesday, 5 January 2011 3:04 PM > To: cf-talk > Subject: RE: Beta Tester Wanted for new CF (MVC) Framework > > > Steve, > > Ok... given your arguments I buy it. As long as you fully document the > nuances involved. I would point out however that folks who are using a > shared host with limited access to folders may also not be able to "tighten > down" the folder's execute permissions... but you can't think of everything > eh :) > > -mark > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340456 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm