Actually that method doesn't always work. The safest way is to just include the filename you want in the URL, so if your script was named download.cfm the URL would like http://foo.com/download.cfm/program.exe.
-Matt -----Original Message----- From: Justin Scott [mailto:[EMAIL PROTECTED]] Sent: Monday, October 15, 2001 10:15 PM To: CF-Talk Subject: Re: File Question > Currently, if I place an executable or image on my webserver, in a given > directory, like /programs/program.exe, and someone pays for it once, they > can find out the path name, like www.mysite.com/programs/program.exe and > come back as often as they want or send their friends to that url to get the > executable, whether they've paid for it or not. As Brian has already said, use CFCONTENT to protect the actual location of your downloadable programs. Simply store the sales in a database and allow them to download the program if they have a username/password or whatever. The only problem with using CFCONTENT to do this is that when the user is asked to save the file, it would be called "download.cfm" or whatever your template is called. The solution to this is... <cfheader name="Content-Disposition" value="inline; filename=#variables.truefile#"> <cfcontent type="#variables.mimetype#" file="#variables.filename#" deletefile="no" reset="no"> .where... variables.truefile = The name of the file being downloaded. variables.mimetype = The correct MIME for the file. variables.filename = The full path and name of the file on your server (outside the web-root if possible. This will allow the browser on the other side to save the file with the proper name and handle it with whatever program is associated with it. Also note that there is a reset="no" on the CFCONTENT tag, so make sure to disable output on this page before you get to this point as to not disturb the actual file contents (having reset="yes" would cancel the new header information if I remember correctly). -Justin Scott, Lead Developer Sceiron Internet Services, Inc. http://www.sceiron.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
