

Back to Basics: When allowing user uploads, don't allow uploads to execute code - fekberg
http://www.hanselman.com/blog/BackToBasicsWhenAllowingUserUploadsDontAllowUploadsToExecuteCode.aspx

======
statictype
The author suggests not allowing uploads of files with specific extensions.
That's ignoring the root cause of the problem: allowing uploads into a folder
that your web server knows about. Why would you do that? Save all your uploads
into some isolated directory on disk that the web server knows nothing about.
What am I missing here?
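
[Added example, not part of the thread or the linked article] A minimal sketch of the layout the comment above describes: uploads are written to a directory outside the web root. It goes slightly further by using a server-generated name and owner-only, non-executable permissions. The function names and the `wwwroot`/`uploads` directory names are hypothetical.

```python
import os
import secrets
import tempfile
from pathlib import Path

HEX = set("0123456789abcdef")


def is_outside(web_root: Path, candidate: Path) -> bool:
    """True when candidate is neither web_root itself nor anything beneath it."""
    web_root, candidate = web_root.resolve(), candidate.resolve()
    return candidate != web_root and web_root not in candidate.parents


def store_upload(upload_dir: Path, web_root: Path, client_name: str, data: bytes) -> dict:
    """Write the bytes under a server-generated id; the client's name is metadata only."""
    if not is_outside(web_root, upload_dir):
        raise ValueError("upload directory is reachable from the web root")
    upload_dir.mkdir(parents=True, exist_ok=True)
    stored_id = secrets.token_hex(16)  # no extension, nothing client-controlled
    target = upload_dir / stored_id
    # O_EXCL refuses to overwrite; mode 0o600 sets no execute bit.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return {"id": stored_id,
            "original_name": os.path.basename(client_name),
            "path": target}


def read_upload(upload_dir: Path, stored_id: str) -> bytes:
    """Look a file up by id only; anything that is not 32 hex chars is rejected."""
    if len(stored_id) != 32 or not set(stored_id) <= HEX:
        raise ValueError("malformed upload id")
    return (upload_dir / stored_id).read_bytes()


if __name__ == "__main__":
    base = Path(tempfile.mkdtemp())
    web_root, uploads = base / "wwwroot", base / "uploads"
    web_root.mkdir()
    # Constructed sample input: a script-like name with traversal segments.
    rec = store_upload(uploads, web_root, "../../shell.aspx", b"constructed sample")
    print(rec["id"], rec["original_name"], is_outside(web_root, rec["path"]))
```

The application then serves downloads through a handler that calls something like `read_upload` and streams the bytes, so the web server never maps a URL onto the stored file.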

