Correct that's what I meant exactly the same when I mentioned System DSN in which as Rob mentioned there is no need to have the excel in your webroot but it could be in your D$ or E$..
-Sandy V -----Original Message----- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Saturday, January 13, 2007 2:19 AM To: CF-Newbie Subject: Re: Securing a CSV file Obviously using a "proper" database engine would be better but if you have to use a CSV, move it out of your web root and then create a ColdFusion mapping to it's new location - it will no longer be accessible to the world but will be to ColdFusion. "This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant, Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions." Visit our website at http://www.reedexpo.com -----Original Message----- From: John Ahlen To: CF-Newbie Sent: Sat Jan 13 03:51:45 2007 Subject: Securing a CSV file Hello, Currently working on an application that uses a csv file for the login DB. The directory structure on a Windows server is: root/directory1/directory2/login/db/db.csv I'm using <cflogin> as taken from Forta's "Coldfusion MX7 web application construction kit". I've got ForceUserLogin.cfm and UserLoginForm.cfm in the login directory. The primary Application.cfc sits in directory 1 and the rest of the application sits in directory2. The flash login works fine using cfhttp to reference it from ForceUserLogin.cfm. Problem is that if I enter http://directory1/directory2/login/db/db.csv in a browser, the csv is there for the world to see. In the db directory I put an Application.cfc that extends from the base Application.cfc. This has an onRequestStart function with a <cflocation> tag that should send the browser to a public file in another directory. This doesn't work. Due to convenience, I would like to keep the csv file above the root directory -- I'm not the systems admin, so I don't have access there to upload a daily update of the csv file. Any suggestions as to how I can secure the csv file? Thanks in advance to anyone who can help. jahlen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:2429 Subscription: http://www.houseoffusion.com/groups/CF-Newbie/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.15
