That will be true of any files in the web space that don't have extensions
mapped to the CF engine. Place the upload directory outside of the web space so
that they cannot be retrieved by URL.
Jim
-----Original Message-----
From: Wey Hueymeei <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, April 25, 2000 8:15 AM
Subject: Directory Security
>
>Hello,
>
>We have a security system built in application.cfm, which disallow users to
>access our site without providing valid username and password.
>ie. when a user put URL on the location bar, if he has not logged in, he
>would be redirected to the login page first before seeing the actual page.
>
>But we just have a security problem with the system: There is a directory
>for users to upload files. If the file is not in CFM format, it seems like
>that the application.cfm cannot do security check. Therefore, if the person
>knows the URL, he could see the page without logging into the system.
>
>Could anybody help?
>
>thanks in advance,
>
>Hueymeei
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
