Rather than upload what I fear is not very strong code…
Two good links I found since I posted the question this morning:
CFDocs has a very, very basic example of checking mime type on the server:
And Pete Freitag has an updated note from January of this year (2021) which is probably what I will use to rework my file upload to improve security. Then, I’ll see if I am still having the same permissions problem. I also need to look at using an off site storage source like S3 or something. But, one step at a time.