Not if the files being uploaded are things like images, or text files. Requests for those file types aren't routed through ColdFusion. Instead the webserver hands the files directly back to the user.
Options: 1) Store the files outside of the webroot and only allow programmatic access via cfcontent which allows you do check session security (best for security) 2) Associate all files with ColdFusion and write a custom servlet filter to intercept these. (NOT recommend) 3) Enforce security at the web server with .htaccess or equivalent. This would NOT have access to your ColdFusion session scope, but rather would be a separate list of user names and passwords you could administer to control how could access that directory. ~Brad -------- Original Message -------- Subject: application.cfc for security From: "Robert Harrison" <[email protected]> Date: Fri, October 09, 2009 1:33 pm To: cf-talk <[email protected]> I have a situation where is a user is creating subdirectories in a directory that I know. He's also uploading files via FTP. I know the name of the root directory, but don't necessarily know the name of the subdirectories and files. Is there any way I can put an application.cfc in the root directory so it would do a redirect on anyone who does not have the right credentials (e.g., a session variable)? I know I can make it work on all the .cfm files in the subs... but is there a way I can I make it work for all files? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327075 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
