[thelist] CMS Recommendations

Christie Mason cmason at managersforum.com
Sun Oct 4 12:09:50 CDT 2009

-----Original Message-----
From: Stephen Rider

My corporate site has a bit of functionality where a non-techie  
employee has to upload data to our site.

I have an Excel script that turns a worksheet into a csv data file,  
and then they upload it via FTP...

--CM Relies--

That's potentially a very, very dangerous approach.  Anyone who knows about
that uploaded file could view it at any time, ex-employees, current
employees, search engines, and many others.  It's a big security hole,
especially if the folder's not password protected and the search engines are
crawling it.  If that's confidential data, then that's the type of exposure
that leads to headlines and lawsuits.

I don't know if you're using PHP, ASP, .NET, etc - or where it's being
imported into (mySQL or MS SQL, etc) but there are better export/import
solutions out there.

Which corporate site is using this approach?  No, don't answer that,
especially in a public list.

Christie Mason


More information about the thelist mailing list