Store them outside of the webroot and use cfcontent to serve them to the browse when necessary.
-Ryan Anastassios Hadjicrystallis wrote: > I have a question that its answer may be interesting and usefull for many CF > developers. Here it is. > > I have a site, and I have a folder where access is restricted and I have a > login page asking for user name and password. As usually I chech these access > data in my database and I give or give not access to the content of this > folder. Nothing special until now. > > Let's suppose > The root folder of my site is C:\MySite > The restricted access folder is C:\MySite\MembersFolder > In the root folder I have the login page C:\MySite\login.cfm > > In the restricted access folder and its subfolders I have various CF pages > e.g. > -- C:\MySite\MembersFolder\page1.cfm , > -- C:\MySite\MembersFolder\folder2\page2.cfm etc > > Whenever someone logs in successfully I keep a session variable with his > name, userid etc blah blah. So whenever someone tries to access a restricted > access page e.g C:\MySite\MembersFolder\page1.cfm I check if there is or > there is not the session variable of his access. If the session variable > exists I give access, otherwise I send him to the login page. Again nothing > special. Just typical proccess. > > My question is. > > All the above can restrict access to any CF page in the folder > > C:\MySite\MembersFolder > > BUT what about any other content in this folder e.g PDF, jpg, doc files etc ? > > Because someone not logged in can just write in his browser: > http://www.MySite.com/MembersFolder/MyBook.pdf > and can get the PDF file without loggin!!! > > Any idea how can I restrict access to any kind of content (htm, cfm, pdf, > jpg, doc xls etc) using coldfusion ? > > (Well I know I can store these kind of files in binary fields of the > database.... instead of storing them as files, but I don't think it's > realistic. These files pdf, doc, tiff, xls can be many Mb and it's not > realistic to read these huge files from the database in middle or high > traffic site.) > > So any other idea? > > Thanks in advance for your response. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324239 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
