For things like that I normally store them outside the webroot and then serve
them via a cfcontent in a cfm script. Instead of a link like
http://mysite/mypdf.pdf it would be http://mysite/getfile.cfm?var=myfile.pdf.
That is very oversimplified, but captures the approach.
).
From: Troy Jones t...@dynapp.com
To: discussion@acfug.org
Sent: Thursday, December 18, 2008 12:19:28 PM
Subject: RE: [ACFUG Discuss] Blocking a ColdFusion website's directory
Emile,
You can create a session variable that exists only when a user
is logged in and test for that when
Emile, if your site is running on IIS, another idea would be to use the .NET
framework to secure the directories. You can find discussions in various
.net articles/books/blogs. Here's one simplistic discussion from MS:
http://support.microsoft.com/kb/893662
People don't tend to think of this