I am running a clustered setup of web servers using Win 2K and CF 4.5.1 Sp2.
These machines connect to backend SQL 2000 DB and a standard NT 4.0 Sp 6.0a
which is the image / file server. I currently authenticate users at the
webserver level and choose items to allow / disallow access to based on
their specific access level.
The problem I am having is I want to avoid using NT Directory Security on
the Image/File server ( I want to allow disallow access based on their
cookie login and information contained in the database) but the problem this
creates is that the users could share the hard link to a file/image or guess
a file name and be granted access to it since its secured at the
application.cfm level and not at the directory level.
Example:
webserver 1 - http://www.domain.com authenticates users and pulls info -
chooses files/images to show
fileserver 1 - http://files.domain.com file links embedded on pages served
by Webserver 1 are called from this machine.
Thanks for any suggestions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
