A classic approach would be to put these documents in a place that is not
accessible to the public and use CFCONTENT to feed them to the (authorized)
user when needed.
-----Original Message-----
From: Chris Alvarado [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 02, 2001 10:50 AM
To: CF-Talk
Subject: general question about security and documents
I have an application that uses standard security through session variables
etc.
If a user navigates to a portion of the application where a document is
attached (Word, Excel, etc.) and they have the correct permissions, then they
will see a link that will allow them to view the file.
This is all fairly normal.
However, technically, if they knew the direct path to the file they could
merely type the path into their browser and in a sense bypass all of the
security measures built into the application.
Has anyone come across this issue?
I work for a company that is very concerned about security, as I'm sure many
of you do. Many of these documents contain sensitive information that
should be viewed by authorized users.
Thanks for any and all help,
-chris.alvarado
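
The approach suggested in the reply, sketched as an added example (not code from the thread or from either poster). The `docRoot` path, the `session.userID` and `session.roles` variables, and the document catalogue are hypothetical; session management is assumed to be enabled in Application.cfm.

```cfml
<!--- download.cfm (added example): the only web-reachable entry point to the
      documents. The files themselves live outside the web root, so typing a
      direct URL to them is not possible. --->
<cfsetting enablecfoutputonly="yes">

<!--- Assumption: a directory outside the web root, readable by the CF service. --->
<cfset docRoot = "D:\secure_docs\">

<!--- Constructed sample catalogue; a real application would query its own
      document table. Keys are opaque IDs, never client-supplied paths, so a
      request cannot name an arbitrary file (no ../ traversal). --->
<cfset docs = StructNew()>
<cfset docs["101"] = StructNew()>
<cfset docs["101"].file = "q2_forecast.xls">
<cfset docs["101"].mime = "application/vnd.ms-excel">
<cfset docs["101"].role = "finance">
<cfset docs["102"] = StructNew()>
<cfset docs["102"].file = "offer_letter.doc">
<cfset docs["102"].mime = "application/msword">
<cfset docs["102"].role = "hr">

<!--- 1. Require a logged-in session (hypothetical variables set at login). --->
<cfif NOT IsDefined("session.userID") OR NOT IsDefined("session.roles")>
  <cfheader statuscode="403" statustext="Forbidden">
  <cfabort>
</cfif>

<!--- 2. Accept only a document ID that exists in the catalogue. --->
<cfparam name="url.id" default="">
<cfif NOT StructKeyExists(docs, url.id)>
  <cfheader statuscode="404" statustext="Not Found">
  <cfabort>
</cfif>
<cfset doc = docs[url.id]>

<!--- 3. Per-document permission check on every request, not just when the
      link is rendered. Answer 404 so the response does not confirm that a
      document the user may not see exists. --->
<cfif NOT ListFindNoCase(session.roles, doc.role)>
  <cfheader statuscode="404" statustext="Not Found">
  <cfabort>
</cfif>

<!--- 4. Stream the file from the protected directory to the browser. --->
<cfheader name="Content-Disposition" value='attachment; filename="#doc.file#"'>
<cfcontent type="#doc.mime#" file="#docRoot##doc.file#" deletefile="no">
```

Links inside the application then point at `download.cfm?id=101` rather than at the file itself.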