Absolutely...you just need to ensure that you tell the browser that this is an XML file:
<cfheader name="Content-type" value="text/xml"> Depending upon how you want the browser to cache your XML file, you might also want to condsier some of these other attributes as well: <cfheader name="Cache-control" value="no-cache"> <cfheader name="Cache-control" value="private"> <cfheader name="Cache-control" value="no-store"> <cfheader name="Cache-control" value="must-revalidate"> <cfheader name="Cache-control" value="max-stale=0"> <cfheader name="Cache-control" value="post-check=0"> <cfheader name="Cache-control" value="pre-check=0"> <cfheader name="Pragma" value="no-cache"> <cfheader name="Expires" value="-1"> -----Original Message----- From: Adrian Lynch [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2008 12:15 PM To: cf-talk Subject: RE: Prevent direct access to XML data file? Sorry if it's been said already, but can you change the extension of the file to .cfm? Adrian -----Original Message----- From: Jeffrey Lemire [mailto:[EMAIL PROTECTED] Sent: 24 November 2008 16:55 To: cf-talk Subject: RE: Prevent direct access to XML data file? Thanks Dave...I wasn't sure if there was something native to CF that would allow me to do this. I've been looking at HotLinkBlocker from Helicon Tech to possibly accomplish this but was trying to avoid introducing another application "layer". I've implemented their URL rewriting application without any issues so I just might give this thing a try. http://www.helicontech.com/hotlinkblocker/ Jeffrey V. Lemire Applications Architect / President [EMAIL PROTECTED] http://www.citadelnetworks.net Voice: 413-746-6141 | Fax: 413-746-6010 -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Sunday, November 23, 2008 8:31 PM To: cf-talk Subject: Re: Prevent direct access to XML data file? > If I set up the datafile outside the webroot, how might I access it for a > SpryDataset (Spry.Data.XMLDataSet) which requires a URL accessible XML > datafile? You can't, really. If it's accessed directly by the client, it needs to be web-accessible. So, if you want to limit access to it, you'll need to use the same methods you'd use to control access to any other web-accessible file - either web server authentication or application server authentication. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315830 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4