But can you rename the .xml file to anything you want? If you can, rename to my-xml-file.cfm and then you can secure with CF.
Adrian -----Original Message----- From: Jeffrey Lemire [mailto:[EMAIL PROTECTED] Sent: 25 November 2008 11:25 To: cf-talk Subject: RE: Prevent direct access to XML data file? > I think you're missing Adrian's point. If you change the file > extension so that it's processed by CF, you can use application server > authentication to control access to the file. What I'm actually trying to prevent is something similar to when people try to "hotlink" images directly (http://domain.com/theimage.jpg). The image is publicly available when called from a web page but applications such as the ones provided by HeliconTech prevent "direct" access to the image whether it be from a browser or a server generated application. The issue here is that I'm looking to make the data "publicly" available when it's pulled into a web page to be displayed within a browser but prevent direct access to the raw xml datafile (http://domain.com/xml-data.cfm). I don't mean to sound paranoid but there are a few competing websites in our area of expertise that would like to "download" the XML datafile to import into their own database. I've looked at securing it using http_referrer but was looking for a solution that was a bit more robust. -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2008 1:31 PM To: cf-talk Subject: Re: Prevent direct access to XML data file? > > Sorry if it's been said already, but can you change the extension of the > > file to .cfm? > > Absolutely...you just need to ensure that you tell the browser that this is > an XML file ... I think you're missing Adrian's point. If you change the file extension so that it's processed by CF, you can use application server authentication to control access to the file. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315868 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
