[thelist] ASPUpload: using dynamic path name [Resolved; Solution]

Anthony Baratta anthony at baratta.com
Wed Apr 2 11:41:19 CDT 2008


Glad you solved this.

I would add one thing to your setup:

Don't use the parameter from the form to build your document path. This is hackable, and people can attempt to drop files into your server in areas you don't want them to.

You should use some type of indexing/code to map to your intended drop folders:

e.g. 
     1 :: /images
     2 :: /word_docs
     3 :: /excel_docs

etc.

This way you are forcing the file into a set of folders and not "wide" open. Also, make sure you have your permissions set up correctly so that *only* these folders are writable by the IIS service.

Hope that helps.
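
The index-to-folder mapping suggested above, sketched in classic ASP/VBScript as an added example (not code from the original post or from the ASPUpload project). The form field name `folder_code` and the helper `ResolveDropFolder` are hypothetical; the ASPUpload calls (`SaveToMemory`, `Form`, `Files`, `SaveAs`, `FileName`) are assumed to behave as in the component's documentation and should be checked against the installed version.

```vbscript
<%
Option Explicit

' Allowlist from the post: the form submits only a key (1, 2, 3), never a path.
' ResolveDropFolder is a hypothetical helper name.
Function ResolveDropFolder(code)
    Dim folders, key
    ResolveDropFolder = ""                     ' "" means "rejected"
    If IsObject(code) Then
        If code Is Nothing Then Exit Function  ' field missing from the form
    End If
    Set folders = CreateObject("Scripting.Dictionary")
    folders.Add "1", "/images"
    folders.Add "2", "/word_docs"
    folders.Add "3", "/excel_docs"
    key = Trim(code & "")                      ' Null/Empty become ""
    ' Anything that is not an exact key ("..\..\inetpub", "1/../x", "") is refused.
    If folders.Exists(key) Then ResolveDropFolder = folders(key)
End Function

Dim Upload, File, target
Set Upload = Server.CreateObject("Persits.Upload")
Upload.SaveToMemory    ' multipart form fields are readable only after a Save* call

' "folder_code" is an assumed field name; the client value is used only as a lookup key.
target = ResolveDropFolder(Upload.Form("folder_code"))
If target = "" Then
    Response.Status = "400 Bad Request"
    Response.Write "Unknown upload folder."
    Response.End
End If

' The directory comes from the server-side table, never from the request.
For Each File In Upload.Files
    File.SaveAs Server.MapPath(target) & "\" & File.FileName
Next
%>
```

The NTFS permissions still matter: the IIS account should have write access to these three folders only, so a mistake in the mapping cannot land a file anywhere else.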



