Guy,

Move the CAD files out of the web folder and use CFCONTENT to push the cad
files. The CFCONTENT script will be programmed to accept and validate an
encrypted phrase passed by the calling file (applet).

Now here is the worse part. The key used to validate and encode (CFENCRYPT)
the phrase must change everytime you push any CAD file. This means that the
second your java applet downloads the cad file, the encrypted phrase will be
out-dated and invalid for later use.

One way to do this is to store the key for each use in a Session. variable.

On applet code generating script:

    <applet....

    <parameter cadfile="secureCADpush.cfm?password=#cfencrypt("Make it
work",Session.DynamicKey)#">
    </applet>


On push script:

<!--- make sure the decryption works --->
<CFTRY>
    <CFIF  cfdecrypt(url.Password, Session.DynamicKey) EQ "Make it work">
      
        <!--- create a new key and invalidate all previous encrypted phrases
--->
        <CFSET Session.DynamicKey = Now()>

        <!--- push file --->
        <CFCONTENT....>

       
    </CFIF>
    <!--- output error or do nothing --->
    <CFCATCH Type="ANY">
        PUSH denied.
    </CFCATCH>
</CFTRY>

I think this should work. However, the user might be smart enough to figure
out the scheme and stop the web browser right before the java code is
executed. Thus, the push never happens and by looking at the source code and
grabbing the url, the person will be able to download the file.

The java applet is execute on the client side so there is now way to
distinguish the applet request for the file as compared to the browser
request. Or is there? Not sure about this.

You can also beef up the security by only allowing cfcontent push when
HTTP_REFERER exists and that the domain is from your site.

Xing

fanfiction.net

 
> Building an application that uses a cad file viewer that is a java applet.
> The viewer loads a cad file from the document root on the web server and
> display it in a browser.
> 
> The problem I have is that a user can view the source for the web page, get
> the URL to the cad file and download the cad file to his local system.
> 
> I am looking for a way to allow the viewer to see the cad file but prevent a
> user from downloading it. I am thinking that a component sitting in the
> document root of the web server that could relay the file to the java
> applet. Anyone found a solution for this or have any ideas?
> 
> TIA
> 
> Guy
> 
> 
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in the
> body.

------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to