Re: Prevent direct access to XML data file?
On Tuesday 25 Nov 2008, Dave Watts wrote: There's a list on their site. One of them claims to rewrite all the links on your site to have unique time bomb'ed URIs... Yeah, that sounds like a great idea. No, wait, it doesn't. Aye. Book marking must be fun :-) -- Tom Chiverton Helping to centrally exploit networks This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315946 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Prevent direct access to XML data file?
The most comprehensive method gives you unbreakable protection technology based on a cryptographic signing and link expiration. I'm tempted to buy it just to break it and demonstrate how futile the process is. mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2008/11/26 Tom Chiverton: On Tuesday 25 Nov 2008, Dave Watts wrote: There's a list on their site. One of them claims to rewrite all the links on your site to have unique time bomb'ed URIs... Yeah, that sounds like a great idea. No, wait, it doesn't. Aye. Book marking must be fun :-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315971 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Prevent direct access to XML data file?
On Wednesday 26 Nov 2008, James Holmes wrote: I'm tempted to buy it just to break it and demonstrate how futile the process is. I can think of a way to do it, maybe. for every href=/dir/file.ext convert to href=/secure/token where token is a time-limited token tied to the original file, uniq. to each request. You can do that in an output filter in the web server or a front-end proxy. When /secure/token is requested, if the token is still within it's limit, send back the original content (don't redirect, obv.) else fail. Yes, you could still get it by screen scraping, but it'd be more work - at the end of the day that's all you can really do if the file has to be accessible. -- Tom Chiverton Helping to preemptively incubate synergistic models This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315985 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Prevent direct access to XML data file?
I think you're missing Adrian's point. If you change the file extension so that it's processed by CF, you can use application server authentication to control access to the file. What I'm actually trying to prevent is something similar to when people try to hotlink images directly (http://domain.com/theimage.jpg). The image is publicly available when called from a web page but applications such as the ones provided by HeliconTech prevent direct access to the image whether it be from a browser or a server generated application. The issue here is that I'm looking to make the data publicly available when it's pulled into a web page to be displayed within a browser but prevent direct access to the raw xml datafile (http://domain.com/xml-data.cfm). I don't mean to sound paranoid but there are a few competing websites in our area of expertise that would like to download the XML datafile to import into their own database. I've looked at securing it using http_referrer but was looking for a solution that was a bit more robust. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2008 1:31 PM To: cf-talk Subject: Re: Prevent direct access to XML data file? Sorry if it's been said already, but can you change the extension of the file to .cfm? Absolutely...you just need to ensure that you tell the browser that this is an XML file ... I think you're missing Adrian's point. If you change the file extension so that it's processed by CF, you can use application server authentication to control access to the file. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315866 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Prevent direct access to XML data file?
But can you rename the .xml file to anything you want? If you can, rename to my-xml-file.cfm and then you can secure with CF. Adrian -Original Message- From: Jeffrey Lemire [mailto:[EMAIL PROTECTED] Sent: 25 November 2008 11:25 To: cf-talk Subject: RE: Prevent direct access to XML data file? I think you're missing Adrian's point. If you change the file extension so that it's processed by CF, you can use application server authentication to control access to the file. What I'm actually trying to prevent is something similar to when people try to hotlink images directly (http://domain.com/theimage.jpg). The image is publicly available when called from a web page but applications such as the ones provided by HeliconTech prevent direct access to the image whether it be from a browser or a server generated application. The issue here is that I'm looking to make the data publicly available when it's pulled into a web page to be displayed within a browser but prevent direct access to the raw xml datafile (http://domain.com/xml-data.cfm). I don't mean to sound paranoid but there are a few competing websites in our area of expertise that would like to download the XML datafile to import into their own database. I've looked at securing it using http_referrer but was looking for a solution that was a bit more robust. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2008 1:31 PM To: cf-talk Subject: Re: Prevent direct access to XML data file? Sorry if it's been said already, but can you change the extension of the file to .cfm? Absolutely...you just need to ensure that you tell the browser that this is an XML file ... I think you're missing Adrian's point. If you change the file extension so that it's processed by CF, you can use application server authentication to control access to the file. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315868 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Prevent direct access to XML data file?
I don't mean to sound paranoid but there are a few competing websites in our area of expertise that would like to download the XML datafile to import into their own database Unless you require authentication, there isn't much you can do to stop them. If I visit your website, and your AJAX solution downloads that file, it's now on my machine, or can easily be captured by any number of proxies, etc, that exist to do just this sort of thing. I've looked at securing it using http_referrer but was looking for a solution that was a bit more robust. I'm pretty sure that's all the Helicon solution looks at. There isn't much you can do here. You can either require authentication, which will stop people without credentials, or you can look at HTTP_REFERER, which is unreliable and easily defeated. If you use CF to process the request, you can do anything that the Helicon product does. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315883 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Prevent direct access to XML data file?
On Tuesday 25 Nov 2008, Dave Watts wrote: I've looked at securing it using http_referrer but was looking for a solution that was a bit more robust. I'm pretty sure that's all the Helicon solution looks at. There isn't There's a list on their site. One of them claims to rewrite all the links on your site to have unique time bomb'ed URIs... -- Tom Chiverton Helping to widespreadedly accelerate attention-grabbing front-end markets This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315886 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Prevent direct access to XML data file?
There's a list on their site. One of them claims to rewrite all the links on your site to have unique time bomb'ed URIs... Yeah, that sounds like a great idea. No, wait, it doesn't. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315890 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Prevent direct access to XML data file?
Sorry if it's been said already, but can you change the extension of the file to .cfm? Adrian -Original Message- From: Jeffrey Lemire [mailto:[EMAIL PROTECTED] Sent: 24 November 2008 16:55 To: cf-talk Subject: RE: Prevent direct access to XML data file? Thanks Dave...I wasn't sure if there was something native to CF that would allow me to do this. I've been looking at HotLinkBlocker from Helicon Tech to possibly accomplish this but was trying to avoid introducing another application layer. I've implemented their URL rewriting application without any issues so I just might give this thing a try. http://www.helicontech.com/hotlinkblocker/ Jeffrey V. Lemire Applications Architect / President [EMAIL PROTECTED] http://www.citadelnetworks.net Voice: 413-746-6141 | Fax: 413-746-6010 -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Sunday, November 23, 2008 8:31 PM To: cf-talk Subject: Re: Prevent direct access to XML data file? If I set up the datafile outside the webroot, how might I access it for a SpryDataset (Spry.Data.XMLDataSet) which requires a URL accessible XML datafile? You can't, really. If it's accessed directly by the client, it needs to be web-accessible. So, if you want to limit access to it, you'll need to use the same methods you'd use to control access to any other web-accessible file - either web server authentication or application server authentication. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315822 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Prevent direct access to XML data file?
Thanks Dave...I wasn't sure if there was something native to CF that would allow me to do this. I've been looking at HotLinkBlocker from Helicon Tech to possibly accomplish this but was trying to avoid introducing another application layer. I've implemented their URL rewriting application without any issues so I just might give this thing a try. http://www.helicontech.com/hotlinkblocker/ Jeffrey V. Lemire Applications Architect / President [EMAIL PROTECTED] http://www.citadelnetworks.net Voice: 413-746-6141 | Fax: 413-746-6010 -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Sunday, November 23, 2008 8:31 PM To: cf-talk Subject: Re: Prevent direct access to XML data file? If I set up the datafile outside the webroot, how might I access it for a SpryDataset (Spry.Data.XMLDataSet) which requires a URL accessible XML datafile? You can't, really. If it's accessed directly by the client, it needs to be web-accessible. So, if you want to limit access to it, you'll need to use the same methods you'd use to control access to any other web-accessible file - either web server authentication or application server authentication. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315821 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Prevent direct access to XML data file?
Absolutely...you just need to ensure that you tell the browser that this is an XML file: cfheader name=Content-type value=text/xml Depending upon how you want the browser to cache your XML file, you might also want to condsier some of these other attributes as well: cfheader name=Cache-control value=no-cache cfheader name=Cache-control value=private cfheader name=Cache-control value=no-store cfheader name=Cache-control value=must-revalidate cfheader name=Cache-control value=max-stale=0 cfheader name=Cache-control value=post-check=0 cfheader name=Cache-control value=pre-check=0 cfheader name=Pragma value=no-cache cfheader name=Expires value=-1 -Original Message- From: Adrian Lynch [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2008 12:15 PM To: cf-talk Subject: RE: Prevent direct access to XML data file? Sorry if it's been said already, but can you change the extension of the file to .cfm? Adrian -Original Message- From: Jeffrey Lemire [mailto:[EMAIL PROTECTED] Sent: 24 November 2008 16:55 To: cf-talk Subject: RE: Prevent direct access to XML data file? Thanks Dave...I wasn't sure if there was something native to CF that would allow me to do this. I've been looking at HotLinkBlocker from Helicon Tech to possibly accomplish this but was trying to avoid introducing another application layer. I've implemented their URL rewriting application without any issues so I just might give this thing a try. http://www.helicontech.com/hotlinkblocker/ Jeffrey V. Lemire Applications Architect / President [EMAIL PROTECTED] http://www.citadelnetworks.net Voice: 413-746-6141 | Fax: 413-746-6010 -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Sunday, November 23, 2008 8:31 PM To: cf-talk Subject: Re: Prevent direct access to XML data file? If I set up the datafile outside the webroot, how might I access it for a SpryDataset (Spry.Data.XMLDataSet) which requires a URL accessible XML datafile? You can't, really. If it's accessed directly by the client, it needs to be web-accessible. So, if you want to limit access to it, you'll need to use the same methods you'd use to control access to any other web-accessible file - either web server authentication or application server authentication. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315830 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Prevent direct access to XML data file?
Sorry if it's been said already, but can you change the extension of the file to .cfm? Absolutely...you just need to ensure that you tell the browser that this is an XML file ... I think you're missing Adrian's point. If you change the file extension so that it's processed by CF, you can use application server authentication to control access to the file. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315831 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Prevent direct access to XML data file?
Hi Peterthank you for responding to this. If I set up the datafile outside the webroot, how might I access it for a SpryDataset (Spry.Data.XMLDataSet) which requires a URL accessible XML datafile? -Original Message- From: Peter Boughton [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2008 8:45 AM To: cf-talk Subject: Re: Prevent direct access to XML data file? Is it possible to prevent direct access to an XML datafile? Yes. Best option: store it outside the webroot. Next best option: Use .htaccess to block access. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315814 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Prevent direct access to XML data file?
If I set up the datafile outside the webroot, how might I access it for a SpryDataset (Spry.Data.XMLDataSet) which requires a URL accessible XML datafile? You can't, really. If it's accessed directly by the client, it needs to be web-accessible. So, if you want to limit access to it, you'll need to use the same methods you'd use to control access to any other web-accessible file - either web server authentication or application server authentication. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315815 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Prevent direct access to XML data file?
Hi jeffrey There are a lot of variables here. What platform, read/write limits, directly through a browser, or through cf? Blocking browser calls is fairly easy through access control on the web server. The best probable way would be to throw it in a secured directory (ie _private), and then create a gateway script through which people interact with it, but that doesn't protect from other devs from writing code to access it. Cf sandbox security might come into play there. Speeves On 11/19/08, Jeffrey Lemire [EMAIL PROTECTED] wrote: Is it possible to prevent direct access to an XML datafile? Similar to verifyClient() for AJAX request, I was hoping that there was one for an XML data file request as well. TIA! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315657 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Re: Prevent direct access to XML data file?
How are you accessing your XML file? If it's being accessed via CFML, you can place it outside your webroot, and it will not be browsable... Seb Is it possible to prevent direct access to an XML datafile? Similar to verifyClient() for AJAX request, I was hoping that there was one for an XML data file request as well. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315663 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Re: Prevent direct access to XML data file?
How are you accessing your XML file? If it's being accessed via CFML, you can place it outside your webroot, and it will not be browsable... If the file must be accessible to CFML code but not from an HTTP call, one solution I use is to have cfsilent as root element. This way any HTTP request will get nothing. It has the benefit of working even with those hosting spaces where you can't place anything outside the webroot. All my configuration files are like this. Massimo Foti, web-programmer for hire Tools for ColdFusion, JavaScript and Dreamweaver: http://www.massimocorner.com ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315664 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Prevent direct access to XML data file?
Is it possible to prevent direct access to an XML datafile? Yes. Best option: store it outside the webroot. Next best option: Use .htaccess to block access. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315671 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Prevent direct access to XML data file?
Is it possible to prevent direct access to an XML datafile? Similar to verifyClient() for AJAX request, I was hoping that there was one for an XML data file request as well. TIA! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315653 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4