--- sean.upton@uniontrib.com wrote:
I'm not familiar with ExternalFile, but likely plan to use it in the future. I think a list of expressly permitted directory locations (including all subdirectories) might be more secure. You can't go wrong with a default directory for files (perhaps $INSTANCE_HOME/var/files or something?), but otherwise an implicit deny all - then leave it up to the user to edit some access list file in the product (for example, call it 'diraccess.txt'). Does this seem reasonable?
Yeah that sounds reasonable to me. Jon ===== ------------------------------------------ JONAGUSTINE LIM Email: jonagustine_lim@yahoo.com ICQ: 2084238 ------------------------------------------ __________________________________________________ Do you Yahoo!? U2 on LAUNCH - Exclusive greatest hits videos http://launch.yahoo.com/u2