don't need protection would come from a non-protected directory that
wouldn't involve any CF processing.
Say you have a directory "/admin" on a site. That directory contains CFM
pages for maintaining your web application, as well as some .PDFs of
proprietary business info, some .jpg mockups of your new logo design, some
.txt files containing sales data, etc. It would be nice to know that every
single file, of any type, stored beneath "/admin" is protected by your Cold
Fusion login, WITHOUT having to store all non-CFM pages outside of the web
directory and set up a CFM intermediary to access them using CFCONTENT.
What if you're using the CFM intermediary protection method and somebody
gets sloppy (as they eventually will) and uploads a file to
"/admin/TopSecretSalesData.txt"? rather than "C:\NotWebAccessible"? If all
files of any type beneath "/admin" were protected, it wouldn't be a
problem. I'd like to be able to do this with my regular CF login, rather
than IIS authentication.
I admit that what I'm trying to do isn't strictly necessary, but it would
be nice. It's not that hard to do in .NET and I'll be disappointed if the
same thing can't be accomplished with CF.
Conan
At 03:05 PM 2/10/2004, you wrote:
>In theory you could do the same with CF as you have seen in .NET. In both
>cases however, I'd say that the added load on the server isn't worth the
>benefit of "protecting" the other files in the directory.
>
>Typically there are few good reasons images that are included as part of a
>page need to be protected at all, much less via CF. If images or documents
>do need to be protected in this manner they are usually moved out of the
>webroot and handled using the CFCONTENT method suggested in another email.
>
>I'm curious as to the requirement you are trying to satisfy and perhaps
>someone will suggest a more elegant solution than running every request
>through ColdFusion engine.
>
>-Cameron
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
