Well, if the ISP/Host is on top of things, they'll let you have a folder outside your web root. Then you can call the files with something like <cfcontent> (if they allow it). If those two pieces fall into place, then you can devise some type of encryption string to mask the variables which call the files, or you could have a table with IDs and pointers to the files in the folder outside of the web root.
Hope that helps, Ryan -----Original Message----- From: Griffin [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 1:11 PM To: CF-Talk Subject: WOT: Securing word docs, excel, etc in a web app Hi, This is off topic, but I am sure many of you have had to deal with issues such as these in the past. I have been living in a bubble for the past 3 years and have developped many web apps in CF, ASP and JSP on secure networks with no Internet connection. For the first time, I am building an Internet based web app in CF. Creating the members only portion with user authentication and so on is no problem. However, the site's main focus is to share research data among members. Most members want to upload MS Word docs, MS Excel docs and PDFs. The site will be hosted at an ISP, so using IIS or NT security is not an option. So here is my dilema, once I have uploaded documents that I only want members to access, how can I achieve something better than "security through obscurity" and prevent people from stumbling on the docs by guessing or as the result of a search engine search? Same question for images. There will be images in .jpg and .gif format which are destined for members eyes only. Any recommendations appreciated. Grif ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Get the mailserver that powers this list at http://www.coolfusion.com