Grif,

You will have to store all the information about uploaded files in a
database, my db's for this typically include the filename, filesize,
filetype (although you can get this from the extension...), dateuploaded,
uploadedby, etc... You can get fancier by adding in relationship tables that
put the files under specific areas and adding roles based security, but
that's beyond the scope of a single email...

Next, your web host should have made available to you folders that are not
web accessible.  If they haven't, get a new host that does...  basically,
you can create a folder outside of the webroot call it whatever you'd
like... store all your uploaded files in that folder.  Casual browsers to
the site cannot download the files as they are not web accessible.

You will then use ColdFusion to display the file lists (from your database
of files) and then use CFHEADER and CFCONTENT to send the files to the
client's browser.  There are numerous posts in the archives of this list on
how to do that.

How you implement the security on these files (as in who can view and
download them) is up to you.  I've done this numerous times on secure
collaborative extranets... let me know if you need more info.

Cheers,

Jeff Garza
[EMAIL PROTECTED]
Certified ColdFusion MX Developer

----- Original Message ----- 
From: "Griffin" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, August 26, 2003 8:18 AM
Subject: WOT: Securing word docs, excel, etc in a web app


Hi,
This is off topic, but I am sure many of you have had to deal with
issues such as these in the past.

I have been living in a bubble for the past 3 years and have developed
many web apps in CF, ASP and JSP on secure networks with no Internet
connection. For the first time, I am building an Internet based web app
in CF. Creating the members only portion with user authentication and so
on is no problem.

However, the site's main focus is to share research data among members.
Most members want to upload MS Word docs, MS Excel docs and PDFs. The
site will be hosted at an ISP, so using IIS or NT security is not an
option.

So here is my dilemma, once I have uploaded documents that I only want
members to access, how can I achieve something better than "security
through obscurity" and prevent people from stumbling on the docs by
guessing or as the result of a search engine search? Same question for
images. There will be images in .jpg and .gif format which are destined
for members' eyes only.

Any recommendations appreciated.

Grif
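
The approach described in the reply above (files kept outside the webroot, listed from the database, and sent with CFHEADER and CFCONTENT only after a membership check), sketched as an added example that is not part of the original thread. The page name `download.cfm`, the `uploadedfiles` table with its `fileid` and `storedname` columns, `application.dsn`, `session.memberID` and the upload path are all assumptions, as is storing a MIME type in `filetype`.

```cfml
<!--- download.cfm (added example; table, column, datasource and session names are assumed) --->
<cfsetting showdebugoutput="no">

<!--- Folder outside the webroot, so no URL maps to it (hypothetical path) --->
<cfset uploadDir = "D:\private\uploads\">

<!--- 1. Only logged-in members get past this point.
         Assumes the login code sets session.memberID. --->
<cfif NOT StructKeyExists(session, "memberID")>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- 2. The request carries only a numeric id, never a filename or path,
         so the caller cannot steer the read to another file on disk. --->
<cfparam name="url.fileID" default="">
<cfif NOT REFind("^[0-9]{1,9}$", url.fileID)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- 3. Resolve the id through the files table. storedname is assumed to be
         a server-generated on-disk name; filename is the name shown to users. --->
<cfquery name="qFile" datasource="#application.dsn#">
    SELECT storedname, filename, filetype
    FROM   uploadedfiles
    WHERE  fileid = <cfqueryparam value="#url.fileID#" cfsqltype="cf_sql_integer">
</cfquery>

<cfif qFile.recordCount NEQ 1 OR NOT FileExists(uploadDir & qFile.storedname)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- 4. Send the file. The download name is reduced to a safe character set
         before it goes into the response header. --->
<cfset safeName = REReplace(qFile.filename, "[^A-Za-z0-9._-]", "_", "all")>
<cfheader name="Content-Disposition" value='attachment; filename="#safeName#"'>
<cfcontent type="#qFile.filetype#" file="#uploadDir##qFile.storedname#" deletefile="no">
```

Per-file or role-based rules would go in step 3, for example by joining against a permissions table keyed on the member id.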


