Emile, if your site is running on IIS, another idea would be to use the .NET framework to secure the directories. You can find discussions in various .net articles/books/blogs. Here's one simplistic discussion from MS: http://support.microsoft.com/kb/893662
People don't tend to think of this because they think "my code is in CF". But the whole point of this discussion is that you're talking about accessing non-CF files, and therefore can consider solutions that are not CF-based. Shawn's idea of CFCONTENT is of course a way to bring it back to CF's purview. It kind of all depends on what authentication mechanism you want to use: one under CF's control, or one you'd be willing to let be managed by something else (whether the CF, the web server or the .NET framework managing it, and whether-in the latter 2-your're using windows forms, passport, or windows authentication). Hope that's helpful. I do realize it's WAY outside the box. :-) /charlie From: [email protected] [mailto:[email protected]] On Behalf Of Emile Melbourne Sent: Thursday, December 18, 2008 12:01 PM To: [email protected] Subject: [ACFUG Discuss] Blocking a ColdFusion website's directory Hey Everyone, I am currently in the process of building my first secured site. Most pages of the site will be behind a login page. I'm using ColdFusion's Application.cfc onRequestStart function to check if a user is logged in or not. Thats pretty much boiler plate. My concern is how to prevent an non authorized user from accessing or hotlinking to non ColdFusion page. (i.e, images, pdfs, swfs, .txt etc). Whats the best way to ensure a user can't link directly to these items but instead be redirected to login.cfm instead? Is there a way to lock down an entire directory? Thank you for all your help Emile ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink <http://www.fusionlink.com> ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
