> I don't mean to sound paranoid but there are a few competing websites in our > area of expertise that would like to "download" the XML datafile to import > into their own database
Unless you require authentication, there isn't much you can do to stop them. If I visit your website, and your AJAX solution downloads that file, it's now on my machine, or can easily be captured by any number of proxies, etc, that exist to do just this sort of thing. > I've looked at securing it using http_referrer but was looking for a solution > that was a bit more robust. I'm pretty sure that's all the Helicon solution looks at. There isn't much you can do here. You can either require authentication, which will stop people without credentials, or you can look at HTTP_REFERER, which is unreliable and easily defeated. If you use CF to process the request, you can do anything that the Helicon product does. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315883 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
