OP never used the word "authentication". From wikipedia: "authorization is the concept of allowing access to resources only to those permitted to use them." Seems to me he used the term properly. /m
: Emile, : From your description, you really need to define what "authorized" and "not : authorized" means. : This will help clarify to the people assisting you as to the approach they can : suggest. : As "authorization" and "authentication" often times are used interchangeably : by developers when in fact they represent two distinctly different topics. : Teddy R. Payne, ACCFD : Google Talk - [email protected] : On Thu, Dec 18, 2008 at 12:00 PM, Emile Melbourne <[email protected]> : wrote: : Hey Everyone, : : I am currently in the process of building my first secured site. Most pages : of the site will be behind a login page. I'm using ColdFusion's : Application.cfc onRequestStart function to check if a user is logged in or : not. Thats pretty much boiler plate. : : My concern is how to prevent an non authorized user from accessing or : hotlinking to non ColdFusion page. (i.e, images, pdfs, swfs, .txt etc). : : Whats the best way to ensure a user can't link directly to these items but : instead be redirected to login.cfm instead? : : Is there a way to lock down an entire directory? : : Thank you for all your help : Emile : : ------------------------------------------------------------- : To unsubscribe from this list, manage your profile @ : http://www.acfug.org?fa=login.edituserform : : For more info, see http://www.acfug.org/mailinglists : Archive @ http://www.mail-archive.com/discussion%40acfug.org/ : List hosted by FusionLink <http://www.fusionlink.com> : ------------------------------------------------------------- : ------------------------------------------------------------- : To unsubscribe from this list, manage your profile @ : http://www.acfug.org?fa=login.edituserform : For more info, see http://www.acfug.org/mailinglists : Archive @ http://www.mail-archive.com/discussion%40acfug.org/ : List hosted by FusionLink <http://www.fusionlink.com> : ------------------------------------------------------------- ---------- Original Message ---------- FROM: "Teddy R. Payne" <[email protected]> TO: <[email protected]> DATE: Thu, 18 Dec 2008 13:25:15 -0500 SUBJECT: Re: [ACFUG Discuss] Blocking a ColdFusion website's directory Emile, >From your description, you really need to define what "authorized" and "not >authorized" means. This will help clarify to the people assisting you as to the approach they can suggest. As "authorization" and "authentication" often times are used interchangeably by developers when in fact they represent two distinctly different topics. Teddy R. Payne, ACCFD Google Talk - [email protected] On Thu, Dec 18, 2008 at 12:00 PM, Emile Melbourne <[email protected]> wrote: Hey Everyone, I am currently in the process of building my first secured site. Most pages of the site will be behind a login page. I'm using ColdFusion's Application.cfc onRequestStart function to check if a user is logged in or not. Thats pretty much boiler plate. My concern is how to prevent an non authorized user from accessing or hotlinking to non ColdFusion page. (i.e, images, pdfs, swfs, .txt etc). Whats the best way to ensure a user can't link directly to these items but instead be redirected to login.cfm instead? Is there a way to lock down an entire directory? Thank you for all your help Emile ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink <http://www.fusionlink.com> ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink <http://www.fusionlink.com> ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
