>>Store them outside of the webroot and use cfcontent to serve them to the browse when necessary.
Some people have no access to folders outside the webroot. In that case, one solution is to : 1. register all files in your database with their original name and type (pdf, doc, etc.) 2. store any non cfm file in a special directory; 3. rename anyFile.xxx to anyFile.cfm 4. store in the directory an Application.cfm file containing any measure to restrict access, like a simple <CFABORT> 5. provide a template for file request that will <CFCONTENT it, restituing the original name and type, ie: <CFQUERY DATASOURCE=#application.applicationName# NAME="getDoc"> SELECT fileName, localName FROM docs WHERE docId = #Id# </CFQUERY> <CFIF getDoc.recordcount EQ 0> <CFABORT SHOWERROR="Document not found"> </CFIF> <CFSET PathDoc=GetDirectoryFromPath(expandPath("*.*"))& "contentDocuments\"> <cfheader name="Content-Disposition" value="attachment; filename=#getDoc.filename#"> <CFCONTENT TYPE="application/octet-stream" FILE="#pathDoc##getDoc.localName#"> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324243 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4