You should take the same precautions you would with any file upload. Don't allow
uploads to web-accessible directories that allow code execution on the server.
Better yet, don't allow uploads to web-accessible directories at all, so that
your server can't unwittingly host client-side malware. Don't run CF with root
credentials, so that successfully uploaded CF scripts can't do bad things to your
system.
Dave Watts, CTO, Fig Leaf Software
what if you want to do file upload with fckeditor?
