> them. If a users knew the link to the file: > http://www.mysite.com/pdfs/sample.pdf they could > still get to it in the browser without signing in. > Is there any way outside of windows authentication > at the directory level to prevent this? What > is the standard way of dealing with this (if any)?
Set the server to treat .pdf files in that folder to use the ColdFusion application server, just like .cfm files. Then, put an Application.cfm/cfc file in that folder, and check for authentication. If not authenticated, cflocation them to login. If they are authenticated, parse the pdf filename from cgi.script_name and use cfcontent to load the file and output the contents to the user. Dave's suggestion to load the PDF files through an existing cfm file is probably preferred if you're writing this as a new system or do not have access to the web server configuration. -Justin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325046 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4