OK I wasn't thinking clearly when I proposed CFFILE. I had a mental picture of trying move files from one drive to another on the same server, and didn't really think whether it would be practical for a Web download application. Sorry 'bout that. I don't know why Matt Liotta had a bad experience with CFCONTENT; he didn't respond to my request for details. Thanks all for the endorsement of CFCONTENT; sounds like the way to go.
Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Daryl Banttari Sent: Monday, February 04, 2002 4:10 PM To: [EMAIL PROTECTED] Subject: Re: [KCFusion] Secure file download Why would CFCONTENT be slow? How would CFFILE replace CFCONTENT? You may want to take a moment and re-examine your assumptions... --Daryl ----- Original Message ----- From: "Keith Purtell" <[EMAIL PROTECTED]> To: "KCFusion (E-mail)" <[EMAIL PROTECTED]> Sent: Monday, February 04, 2002 3:41 PM Subject: [KCFusion] Secure file download I'm trying to choose between CFFILE and CFCONTENT for secure file download. Some have said CFCONTENT is too slow. That's a possible issue for me, since some of my files are up to 10MB. But I'm on a low-traffic intranet with a maximum of 400 visitors. People in various departments can upload files and make them available to other employees via hyperlinks. So a person can go to the main Marketing page, and click on a link that downloads a Word file stored /marketing/docs/. Unfortunately, anyone with a full address can defeat my intranet security that only kicks in for CF templates (via application.cfm and cookies). I'd like to move all these downloadable files to the D drive on that same server, then let CF make them available via the same hyperlinks, except only for logged-on people. The pros and cons of this were mentioned in email traffic from another CF list, which I have attached below. Any comments here? We're running CF5 on NT4 SP6a with IIS. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ===================================== -----Original Message----- From: Matt Liotta [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 13, 2000 12:23 PM Generally this is the best way to do it with one exception. Never use CFContent with large files. This will destroy your response time. Web servers were designed to deal with serving files and should be used in place of CF whenever possible. The only problem of course is security. If you make the directory web accessible then you have no security. However, you can't really secure the directory well with a web server since it has no concept of your application security. Below I describe how we solved this issue. Whenever we need to serve a file we create a symbolic link to the file in question. This symbolic link is placed in a web accessible directory and its file name is a UUID. This allows us to serve a file that would otherwise not be web accessible, by simply linking to its symbolic link. The likelihood of someone guessing a UUID is very low because it is based on a 128 bit integer. Further we have a process that deletes symbolic links after they have been around for more then five minutes. Thus even if the UUID was guessed it would only be accessible for five minutes. Hope this helps. -Matt > -----Original Message----- > From: Jon Cole [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 13, 2000 7:15 AM > > > I agree with Nathan this would be the best approach. > > >>The problem is that you can't control what the > >>file name would be. > > You can fix this with <CFHEADER> Like so: > > <CFHEADER NAME="Content-Disposition" VALUE="inline; > filename=#ExportFile#"> > > Thank You, > Jon Cole ACP > DevTech Inc. > [EMAIL PROTECTED] > 206.956.0888 > Learn more about DevTech @ www.Dev-Tech.com > > > > -----Original Message----- > From: Nathan Dintenfass [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 12, 2000 6:34 PM > > > One way I have dealt with something like this is to keep the > files outside the > web root, so they are not accessible over the web at all. Then, use > CFCONTENT > to deliver the files -- that way your CF security you already > have running can > secure access to the files (assuming the server itself is secure, of > course). > > You may want to store a separate DB of file information such > as MIME type, etc., but it's not necessary. > > > ______________________________________________________________________ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives........ http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe.................... mailto:[EMAIL PROTECTED] To Unsubscribe................ mailto:[EMAIL PROTECTED] ______________________________________________________________________ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives........ http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe.................... mailto:[EMAIL PROTECTED] To Unsubscribe................ mailto:[EMAIL PROTECTED] ______________________________________________________________________ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives........ http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe.................... mailto:[EMAIL PROTECTED] To Unsubscribe................ mailto:[EMAIL PROTECTED]
