CFFILE Alternative

Report · Jul 01, 2006

I'm currently working on a project for the Government and I've been told that I can't use cffile to upload documents. (some sort of security risk) I also don't have FTP access on the server. Does anybody have an alternative idea to cffile. Maybe liike java code that can copy and word document, excel, jpeg, etc. to the server? I tried writing some java using the creatObject script but it's not coming out the way I want it to. The file gets created by the readers (IE Photoshop, MS Word, etc) can't read the files.

Report · Jul 01, 2006

Is the problem specific to the CFFILE tag , or is it the concept of accepting files over the internet?

There can be many reason for a company (gov) to not want to have the ability to upload files, but to want it, and then to say not to use CFFILE is kind of contradictory.

Is it because the Server Administrator has locked down the directories to not accept uploaded files? (or the server is not made for that ability). If that is the case then any technology won't help you, the server would have to be opened up.

Is there a 'flaw' in the CFFILE tag that the government is trying to avoid? Does your client have a 'bad experience' with an non secured file upload script that makes them shy away from file uploads.

There are as many ways to upload a file from a client machine to a server machine as there are languages viable for the web. But they all have the same common security failings.
1. You have to have a server that will allow file uploads
2. You have to save the file on the server before you can move, scan, read, rename, etc.
There are many more 'failings in common', but these are the most prominent in my mind right now. The good thing is that they are failngs in 'common' so everyone has to deal with them, AND you just have to build a secure system that matches the clients security risk allowance.

Hope this helps

Report · Jul 01, 2006

There are bunch of tags that the government doesn't allow like CFEXECUTE, CFFILE, CFDIRECTORY, etc. However, they want a file managment system that allows users to upload documents to a repository. At first I had it working with CFFTP but the production is running under secure FTP and I've read that CFFTP can be flakey at best with secure ftp. So now I'm back to square one of trying to write the file to the system without having to use CFFFILE.

Report · Jul 02, 2006

Give back their money and tell them to get someone else. They say they want you to do something and then prevent you from doing it.

By the way, cfftp does not work unless both the sending and receiving machines have ftp enabled, which is rarely the case with client machines.

Report · Jul 02, 2006

Are you sure that both the client and the other server have to thave ftp enabled? I ran a test on my local machine where CF is installed and I was able to upload files just fine to a machine that had ftp setup.

Does anybody know of a way in Java to directly copy a file from the CF file temp directory to the server?

Report · Jul 02, 2006

Hurrah, finally an upload without the cffile tag. The Java streams seem to work, at least for your MSWord upload. I'm now looking to generalize to other MIME types where I encountered problems before.

edited: closed the streams

Report · Jul 02, 2006

Thanks alot! This works perfectly for what I'm trying to do. I'll test it out with other types of files and if it needs modification I'll post what I've written here for anybody else who needs an alternative to cffile. Thanks again!

Report · Jul 03, 2006

!

code edited: streams closed

Adobe Community

CFFILE Alternative