How did you "secure" the directory? Was it through the web server or the Application.cfm file.
If it was the application.cfm file, then CF never executes a single line of code, and your security is not used. If it's through the web server, then you should probably take a look and the htaccess file for that directory. Matt Knight ► w: 972 361 9943 ► m: 214 213 4016 -----Original Message----- From: PJ Gaenir [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 3:50 PM To: [EMAIL PROTECTED] I just discovered something that astonished me. Inside a secure directory ( http://statistics.cyberk.com/cyberstats/ ) I have an images folder. Of course this dir uses the Application.cfm file which is in the main cyberstats dir. I have no problem getting to content inside a subdirectory of this protected directory, e.g., http://statistics.cyberk.com/cyberstats/images/answer2.gif I thought nothing could be accessed in or under a secure directory without login. Yet it turns out I can not only pull images from the secure site easily into an html file anywhere on the internet (!), but if I know the filename I can directly access them too. Is this normal, or have I seriously screwed up my CF security? PJ ----------------------------------------------- To post, send email to [EMAIL PROTECTED] To unsubscribe: Send UNSUBSCRIBE to [EMAIL PROTECTED] To subscribe / unsubscribe: http://www.dfwcfug.org ----------------------------------------------- To post, send email to [EMAIL PROTECTED] To unsubscribe: Send UNSUBSCRIBE to [EMAIL PROTECTED] To subscribe / unsubscribe: http://www.dfwcfug.org
