Re: Directory Security

Tue, 25 Apr 2000 08:14:01 -0700 

Upload the files into a protected directory not availible though the web.
Use a 'helper' cfm page which show the file after doing a security check...
Use cfcontent to retrieve the file..

There is an example of something similar at alive.allaire.com

Hope that helps ...

~Justin

----- Original Message -----
From: Olive, Christopher M Mr USACHPPM
<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 25, 2000 3:27 PM
Subject: RE: Directory Security


> one possible way is to feed all HTML requests through the CF dll.  that
will
> invoke application.cfm for HTM files as well as CFM files.
>
> Chris Olive
> DOHRS Website Administrator
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Wey Hueymeei [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 25, 2000 10:08 AM
> To: [EMAIL PROTECTED]
> Subject: Directory Security
>
>
>
> Hello,
>
> We have a security system built in application.cfm, which disallow users
to
> access our site without providing valid username and password.
> ie. when a user put URL on the location bar, if he has not logged in, he
> would be redirected to the login page first before seeing the actual page.
>
> But we just have a security problem with the system:  There is a directory
> for users to upload files. If the file is not in CFM format, it seems like
> that the application.cfm cannot do security check. Therefore, if the
person
> knows the URL, he could see the page without logging into the system.
>
> Could anybody help?
>
> thanks in advance,
>
> Hueymeei
>
>
> --------------------------------------------------------------------------
--
> --
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> --------------------------------------------------------------------------
----
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
>
>

------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to