This content has been marked as final. Show 7 replies
Is the problem specific to the CFFILE tag , or is it the concept of accepting files over the internet?
There can be many reason for a company (gov) to not want to have the ability to upload files, but to want it, and then to say not to use CFFILE is kind of contradictory.
Is it because the Server Administrator has locked down the directories to not accept uploaded files? (or the server is not made for that ability). If that is the case then any technology won't help you, the server would have to be opened up.
Is there a 'flaw' in the CFFILE tag that the government is trying to avoid? Does your client have a 'bad experience' with an non secured file upload script that makes them shy away from file uploads.
There are as many ways to upload a file from a client machine to a server machine as there are languages viable for the web. But they all have the same common security failings.
1. You have to have a server that will allow file uploads
2. You have to save the file on the server before you can move, scan, read, rename, etc.
There are many more 'failings in common', but these are the most prominent in my mind right now. The good thing is that they are failngs in 'common' so everyone has to deal with them, AND you just have to build a secure system that matches the clients security risk allowance.
Hope this helps
There are bunch of tags that the government doesn't allow like CFEXECUTE, CFFILE, CFDIRECTORY, etc. However, they want a file managment system that allows users to upload documents to a repository. At first I had it working with CFFTP but the production is running under secure FTP and I've read that CFFTP can be flakey at best with secure ftp. So now I'm back to square one of trying to write the file to the system without having to use CFFFILE.
Give back their money and tell them to get someone else. They say they want you to do something and then prevent you from doing it.
By the way, cfftp does not work unless both the sending and receiving machines have ftp enabled, which is rarely the case with client machines.
Are you sure that both the client and the other server have to thave ftp enabled? I ran a test on my local machine where CF is installed and I was able to upload files just fine to a machine that had ftp setup.
Does anybody know of a way in Java to directly copy a file from the CF file temp directory to the server?
Hurrah, finally an upload without the cffile tag. The Java streams seem to work, at least for your MSWord upload. I'm now looking to generalize to other MIME types where I encountered problems before.
edited: closed the streams
Thanks alot! This works perfectly for what I'm trying to do. I'll test it out with other types of files and if it needs modification I'll post what I've written here for anybody else who needs an alternative to cffile. Thanks again!
code edited: streams closed