Kevin et al Have a look at the FC 4 plugin on this thread: http://groups.google.com/group/farcry-dev/browse_thread/thread/99f01a14b d276811/9e498ea204633ed6?lnk=gst&q=secure+files+plugin#9e498ea204633ed6
(it wraps up a alot of this functionality) Cheers David ________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of AJ Mercer Sent: Wednesday, 5 December 2007 10:52 AM To: [email protected] Subject: [farcry-dev] Re: Securing individual files (FC 4.0.3) neat :-) On Dec 5, 2007 9:18 AM, Blair McKenzie <[EMAIL PROTECTED]> wrote: Secure files get put in /yourproject/securefiles/. You can override this default by setting application.path.secureFilePath in your project's _serverSpecificVarsAfterInit.cfm file (full OS path). Also, if you set the ftDestination attribute on the relevant file property you can specify a subdirectory for files uploaded for that specific property. ftDestination="/typename/propertyname" is common. Blair On Dec 5, 2007 10:02 AM, AJ Mercer <[EMAIL PROTECTED]> wrote: is 'outside webroot' a configurable setting? On Dec 5, 2007 7:25 AM, Blair McKenzie <[EMAIL PROTECTED]> wrote: The file formtool supports the ftSecure="true" attribute - if you extend dmFile and update the relevant property, all files will automatically be stored outside the webroot, and only be accessible via download.cfm . You would still have to add your own restrictions to that file, but noone would be able to access files with a direct url. Blair On Dec 5, 2007 4:56 AM, Jeff Coughlin < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: > I believe the the files are uploaded to a web-accessible directory, > so there > is no out-of-the-box way of securing them. You can however secure > the pages > w/the links to the files. If it is a custom type (in FarCry 4), then you can specify the folder where the files are stored. They are still web accessible, but you can protect the folder/directory on the server level. FarCry 4.1 (currently in development) is going through some major security revisions right now. Now would be a perfect time to put in an enhancement request to have permissions on dmFile types http://bugs.farcrycms.org/ (maybe even ask if downloadable files can be stored outside of the webroot). Regards, -- Jeff Coughlin Web Application Developer http://jeffcoughlin.com -- AJ Mercer Web Log: http://webonix.net -- AJ Mercer Web Log: http://webonix.net --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "farcry-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/farcry-dev?hl=en -~----------~----~----~----~------~----~------~--~---
