Grif,

What we've done for a similar system is to have the CFFILE tag write them to a 
directory outside the webroot.  In our case, we have /local/web for the web root, and 
/local/web_docs for the documents to be stored.  We have links for each document, and 
the path to those documents is stored in a table in the DB.  So the only way a person 
could get them without access to the application would be to have access to the server 
directly, which would be a more serious issue.

One other way, and we stopped doing this although this app's predecessor did this, is 
to store them as objects in a database table.  That way only someone with access to 
that table, or even to that column, would see the file.

I like the first option because it lets the server hold the files and store them 
however it needs to, and it doesn't bog down a DB or fill up tablespaces or anything.

I'd go with option 1, but either should work for you.

My 2¢,
-lincoln

-----Original Message-----
From: Griffin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 12:20 PM
To: CF-Talk
Subject: WOT: Securing word docs, excel, etc in a web app


Hi,
This is off topic, but I am sure many of you have had to deal with
issues such as these in the past.

I have been living in a bubble for the past 3 years and have developed
many web apps in CF, ASP and JSP on secure networks with no Internet
connection. For the first time, I am building an Internet based web app
in CF. Creating the members only portion with user authentication and so
on is no problem. 

However, the site's main focus is to share research data among members.
Most members want to upload MS Word docs, MS Excel docs and PDFs. The
site will be hosted at an ISP, so using IIS or NT security is not an
option. 

So here is my dilemma: once I have uploaded documents that I only want
members to access, how can I achieve something better than "security
through obscurity" and prevent people from stumbling on the docs by
guessing or as the result of a search engine search? Same question for
images. There will be images in .jpg and .gif format which are destined
for members' eyes only.

Any recommendations appreciated.

Grif
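
The first option in the reply above (files written outside the web root, paths kept in a DB table, access only through the application), shown as an added example that is not part of the original thread. It is a hypothetical download.cfm that the document links would point at; the `documents` table with its `doc_id`, `file_path` and `mime_type` columns, `session.memberId` and `application.dsn` are assumed names, and session management is assumed to be enabled.

```cfml
<!--- download.cfm (added example; table, column and variable names are assumptions) --->
<cfset docsRoot = "/local/web_docs/"> <!--- document store outside /local/web --->

<!--- 1. Members only: session.memberId is assumed to be set by the login code --->
<cfif NOT StructKeyExists(session, "memberId")>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- 2. The link carries only a numeric id, never a path --->
<cfif NOT StructKeyExists(url, "id") OR NOT REFind("^[0-9]{1,9}$", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<cfquery name="doc" datasource="#application.dsn#">
    SELECT file_path, mime_type
    FROM documents
    WHERE doc_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- 3. Use only the file-name part of the stored path, so a bad row
         cannot point the handler outside the document directory --->
<cfset fullPath = "">
<cfif doc.recordCount EQ 1>
    <cfset fullPath = docsRoot & GetFileFromPath(doc.file_path)>
</cfif>
<cfif fullPath EQ "" OR NOT FileExists(fullPath)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- 4. Stream the file; restrict the download name to a safe character set
         so it cannot break out of the response header --->
<cfset downloadName = REReplace(GetFileFromPath(fullPath), "[^A-Za-z0-9._-]", "_", "all")>
<cfheader name="Content-Disposition" value='attachment; filename="#downloadName#"'>
<cfcontent type="#doc.mime_type#" file="#fullPath#" deleteFile="no">
```

Because the files never sit under the web root, a guessed URL or a search-engine crawl has nothing to reach; the same handler can serve the members-only .jpg and .gif images by sending them inline instead of as attachments.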


