Why not rename them as random names with matching records in a database:
File Client Transaction
1098098234.doc A 1
830eks03f9.doc A 2
e34tr0xjne.doc B 3
280n3hsnkw.doc B 3
HTH
Duane
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 07, 2001 11:15 AM
To: CF-Talk
Subject: directory setup
(this email was sent to the list twice last week,
but I never saw it appear. I'm on the digest)
Hi Everyone:
I'm building a web site where a client logs into an account
and enters transactions. Once a transaction is entered by a
client, the client always has access to that transaction.
The client can attach (upload) files to a transaction.
I want a client to only see files attached to a transaction that
the client can access.
I don't want a client to be able to see files they don't
have access to.
A client is only shown files attached to their own transactions,
but I don't want someone sneaking around.
my Q is:
what is the best way (easy and secure) to setup the directory
and name the files?
2 thoughts are:
1. put all the files in the same directory and name them:
File.ttttt.xxx.doc
where ttttt is the transaction number and
xxx is the document number for each file (001, 002, etc.)
pros: easy to manage.
cons: someone could guess a transaction and document number here that
they should not see.
2. setup a separate directory for each client and name them:
same as in #1
pros: easy to manage.
cons: someone could guess a directory, transaction and document number here
that
they should not see.
any suggestions?
tia
Sandy
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
