At 08:32 AM 12/13/2002, you wrote:
>Keep in mind that a CF based authentication system is only checked against
>if the user hits a CFM page. That's fine for certain types of projects, but
>not for actual file security. So if you have a directory of images in the
>"secure" area, a person could link directly to an image and bypass the login
>altogether because a .gif doesn't reference the Application.cfm first.
>
>(snip)
>
>-Kevin

If you are concerned about securing non-ColdFusion files you can still use CF to secure them by using a CF page as a gateway. For example, put all of your images in a folder that is not within the wwwroot and request them like this:

<img src="getImage.cfm?imagePath=storeFront/header.gif">

And then in the CFM use CFCONTENT to send back the image. Works equally well with PDF, Word, Excel, etc. files.
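
A sketch of the getImage.cfm gateway described in the message above, added here as an example and not code from the original post. It assumes sessions are enabled in Application.cfm; the folder D:\secure_files, the session.loggedIn flag and the extension list are hypothetical. Because imagePath comes from the query string, the page resolves it to a canonical path and refuses anything that ends up outside the protected folder.

```cfml
<!--- getImage.cfm: added example, not from the original post --->
<!--- Assumption: protected files live outside the web root in this hypothetical folder --->
<cfset baseDir = "D:\secure_files">
<cfparam name="url.imagePath" type="string" default="">

<!--- Allow-list of extensions this gateway will serve, mapped to MIME types --->
<cfset mimeTypes = StructNew()>
<cfset mimeTypes["gif"] = "image/gif">
<cfset mimeTypes["jpg"] = "image/jpeg">
<cfset mimeTypes["png"] = "image/png">
<cfset mimeTypes["pdf"] = "application/pdf">

<!--- Assumption: the login code sets session.loggedIn to true --->
<cfif NOT (IsDefined("session.loggedIn") AND session.loggedIn)>
  <cfheader statuscode="403" statustext="Forbidden">
  <cfabort>
</cfif>

<!--- Resolve "..", mixed slashes and links before comparing paths --->
<cfset baseCanon = CreateObject("java", "java.io.File").init(baseDir).getCanonicalPath()>
<cfset target = CreateObject("java", "java.io.File").init(baseDir, url.imagePath)>
<cfset targetCanon = target.getCanonicalPath()>
<cfset sep = CreateObject("java", "java.io.File").separator>

<!--- The resolved file must sit under baseDir (case-sensitive prefix match) --->
<cfset insideBase = Compare(Left(targetCanon, Len(baseCanon) + 1), baseCanon & sep) EQ 0>
<cfset ext = LCase(ListLast(targetCanon, "."))>

<cfif NOT insideBase OR NOT StructKeyExists(mimeTypes, ext) OR NOT target.isFile()>
  <!--- Same response for every failure so the page does not reveal which check failed --->
  <cfheader statuscode="404" statustext="Not Found">
  <cfabort>
</cfif>

<!--- Stream the file; deletefile="no" leaves the original in place --->
<cfcontent type="#mimeTypes[ext]#" file="#targetCanon#" deletefile="no">
```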