What kind of files are being uploaded? If you are managing a document
library (pdf, doc, etc.) then you would do well to store the files outside
of a web accessible directory and use CFCONTENT to serve them. This way you
can have complete control over which files are visible to whom as to gain
access to any of them you need to pass control through a cfm script first.
HTH
Steve "hashing" Martin
> -----Original Message-----
> From: Wey Hueymeei [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 25, 2000 15:08
> To: [EMAIL PROTECTED]
> Subject: Directory Security
>
>
>
> Hello,
>
> We have a security system built in application.cfm, which
> disallow users to
> access our site without providing valid username and password.
> ie. when a user put URL on the location bar, if he has not logged in, he
> would be redirected to the login page first before seeing the actual page.
>
> But we just have a security problem with the system: There is a directory
> for users to upload files. If the file is not in CFM format, it seems like
> that the application.cfm cannot do security check. Therefore, if
> the person
> knows the URL, he could see the page without logging into the system.
>
> Could anybody help?
>
> thanks in advance,
>
> Hueymeei
>
>
> ------------------------------------------------------------------
> ------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf
_talk or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
