The application.cfm file only protects the CFM files from being accessed. If you want to secure the entire directory, you have to set up challenge response or some other mechanism on the web server in order to secure the directories.
Your issue is with the directory security not with CF. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of S.Isaac Dealey Sent: Friday, July 25, 2003 4:33 PM To: [EMAIL PROTECTED] Subject: Re: pulling images from a secure dir You might be confusing the ssl certificate with the web server feature that displays the username/password dialog to access directories... I can't remember offhand what the name of it is, but I know it's not the same thing. > I just discovered something that astonished me. Inside a > secure directory > ( http://statistics.cyberk.com/cyberstats/ ) > I have an images folder. Of course this dir uses the > Application.cfm file which is in the main cyberstats dir. > I have no problem getting to content inside a subdirectory > of > this protected directory, e.g., > http://statistics.cyberk.com/cyberstats/images/answer2.gif > I thought nothing could be accessed in or under a secure > directory without login. Yet it turns out I can not only > pull > images from the secure site easily into an html file > anywhere > on the internet (!), but if I know the filename I can > directly > access them too. > Is this normal, or have I seriously screwed up my CF > security? > PJ > ----------------------------------------------- > To post, send email to [EMAIL PROTECTED] > To unsubscribe: > Send UNSUBSCRIBE to [EMAIL PROTECTED] > To subscribe / unsubscribe: http://www.dfwcfug.org s. isaac dealey 972-490-6624 new epoch http://www.turnkey.to lead architect, tapestry cms http://products.turnkey.to tapestry api is opensource http://www.turnkey.to/tapi team macromedia volunteer http://www.macromedia.com/go/team certified advanced coldfusion 5 developer http://www.macromedia.com/v1/handlers/index.cfm?ID=21816 ----------------------------------------------- To post, send email to [EMAIL PROTECTED] To unsubscribe: Send UNSUBSCRIBE to [EMAIL PROTECTED] To subscribe / unsubscribe: http://www.dfwcfug.org ----------------------------------------------- To post, send email to [EMAIL PROTECTED] To unsubscribe: Send UNSUBSCRIBE to [EMAIL PROTECTED] To subscribe / unsubscribe: http://www.dfwcfug.org
