For things like that I normally store them outside the webroot and then serve them via a cfcontent in a cfm script. Instead of a link like http://mysite/mypdf.pdf it would be http://mysite/getfile.cfm?var=myfile.pdf.
That is very oversimplified, but captures the approach. ________________________________ From: Emile Melbourne <emile.melbou...@gmail.com> To: discussion@acfug.org Sent: Thursday, December 18, 2008 12:00:42 PM Subject: [ACFUG Discuss] Blocking a ColdFusion website's directory Hey Everyone, I am currently in the process of building my first secured site. Most pages of the site will be behind a login page. I'm using ColdFusion's Application.cfc onRequestStart function to check if a user is logged in or not. Thats pretty much boiler plate. My concern is how to prevent an non authorized user from accessing or hotlinking to non ColdFusion page. (i.e, images, pdfs, swfs, .txt etc). Whats the best way to ensure a user can't link directly to these items but instead be redirected to login.cfm instead? Is there a way to lock down an entire directory? Thank you for all your help Emile ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------