In my intranet, I created a directory outside the webroot and gave it no permissions except to the system account. Then I use cfcontent to push the file to the user (after being authenticated via cf).
> What is the most efficient way to provide files for download to a client > after username/password authentication *without* using NT Authentication. > > The simple way is to validate the user using CF and then just display the > documents using CFDirectory, but, if anyone know the URL to the document, > they can bypass the cfm template altogether. I was thinking about randomly > renaming documents and storing the filenames in a DB, but that seems sloppy > too. > > This client is currently in a virtual hosting environment, so adding > directory security seems out of the question. > > Any thoughts would be greatly appreciated. > > TIA, > > - jim > > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
