Why not route the downloads through a single CFM file (download.cfm?f=some identifier) and then use CFCONTENT to serve up the PDF file.
On Fri, Feb 12, 2010 at 10:38 AM, Scott Mulholland <smulholl...@aimg.com>wrote: > > We have an app with a protected area that just using a basic session check > in application.cfm. In the protected area there is a directory of PDFs. > No > one can access them through the app without logging in. If the person knew > the url to the pdf though it would serve since application.cfm would not > run > to check the session. Is there any quick way to secure these? Maybe with > windows authentication? I know we could make a cfm page to look up and > serve the file so the link to the pdf is never exposed but these are > uploaded via a cms and the link put into the page by the client that would > be more of a training exercise to make sure they are using the right link > to > the pdf, etc. > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:330648 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4