What you need to do is store all documents away from the web root and deliver the files to the end users through cfcontent.
Please note this can cause issues if the user's client has not got its mime types correctly set up. I've had issues where some people were unable to see excel spreadsheets, and others were as their mime types were set up correctly on their browser. Have fun. > -----Original Message----- > From: Griffin [mailto:[EMAIL PROTECTED] > Sent: 26 August 2003 16:33 > To: CF-Talk > Subject: WOT: Securing word docs, excel, etc in a web app > > > Hi, > This is off topic, but I am sure many of you have had to deal with > issues such as these in the past. > > I have been living in a bubble for the past 3 years and have developped > many web apps in CF, ASP and JSP on secure networks with no Internet > connection. For the first time, I am building an Internet based web app > in CF. Creating the members only portion with user authentication and so > on is no problem. > > However, the site's main focus is to share research data among members. > Most members want to upload MS Word docs, MS Excel docs and PDFs. The > site will be hosted at an ISP, so using IIS or NT security is not an > option. > > So here is my dilema, once I have uploaded documents that I only want > members to access, how can I achieve something better than "security > through obscurity" and prevent people from stumbling on the docs by > guessing or as the result of a search engine search? Same question for > images. There will be images in .jpg and .gif format which are destined > for members eyes only. > > Any recommendations appreciated. > > Grif > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
