Grish wrote:
Hmmm good point. So does this mean that the only secure way of having downloads is to have specific actions for each download? Or is there a better approach?
I don't claim to know what the best approach is. As long as your action does sufficient validation of the specified input path (like checking against a whitelist, or only allowing from certain directories (check for ".." path segments!)), your approach may be OK. I tend to have a separate action for each "category" of stuff downloaded from my app (along with category-specific validation). Since I don't know your requirements, I cannot know that that is applicable for you.
-Dale --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]