My friend's host has no upload facility. They also block uploading scripts.
As she wants to be able to upload files easily I have opened her ftp folder within an iframe when she has logged into her admin functions.
This allows her to drag and drop files when she's viewing in Windows & IE.
What I'd like to know is how safe a method is this?
What ways can I make it safer?