-----Original Message-----
From: Carlisle, Eric [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 6:55 AM
To: CF-Talk
Subject: RE: masking URLs and cflocation

I was recently making a similar template. I'm curious if an end user can't use "../" to get to other files. I tried it and couldn't make it work. Regardless, is it a good practice to strip out the ".\/" characters before displaying the files?

Eric

-----Original Message-----
From: Matt Robertson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 8:25 PM
To: CF-Talk
Subject: RE: masking URLs and cflocation

Are you masking the url because you want to conceal the true location of the file, or for cosmetic reasons?

If the former, you can use cfcontent (and store your files off the web root for security). This just passes the 8+3 filename via the url. You could come up with all sorts of ways to conceal the true filename, some simple (encrypted and urlencoded), some complex. I'd put some security on a page like this, too.

    <A HREF="pushfile.cfm?FileName=foo.pdf">

pushfile.pdf:

    <CFSET variables.PushFile="d:\bar\"&url.FileName>
    <CFIF FileExists(variables.PushFile)>
      <CFHEADER NAME="content-disposition" VALUE="attachment; filename=#url.FileName#">
      <CFCONTENT TYPE="application/unknown" FILE=#variables.PushFile#>
      <CFABORT>
    </CFIF>
    <HTML><HEAD><TITLE>File Not Found</TITLE></HEAD><BODY>
    File Not Found
    </BODY></HTML>

---------------------------------------
Matt Robertson [EMAIL PROTECTED]
MSB Designs, Inc., www.mysecretbase.com
---------------------------------------
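
Added example, not part of either message above: one way to handle the "../" question for the pushfile template is to accept only file names that match an allowlist and reject everything else, instead of stripping characters out of the value. The 64-character limit and the pdf,doc,zip extension list are assumptions; d:\bar\ is the directory used in the thread.

```cfml
<!--- Added example: pushfile.cfm with url.FileName validated before use --->
<CFPARAM NAME="url.FileName" DEFAULT="">
<!--- Same storage directory as the template in the thread --->
<CFSET variables.BaseDir = "d:\bar\">
<!--- Hypothetical allowlist of extensions this page may serve --->
<CFSET variables.AllowedExt = "pdf,doc,zip">
<CFSET variables.NameOk = true>

<!--- Any character outside letters, digits, dot, underscore and hyphen
      fails the request. That covers "/", "\", ":", CR/LF and NUL, so no
      directory part reaches the path and no line break reaches the
      content-disposition header. The length limit is an assumption. --->
<CFIF Len(url.FileName) EQ 0 OR Len(url.FileName) GT 64
      OR REFind("[^A-Za-z0-9._-]", url.FileName) NEQ 0>
  <CFSET variables.NameOk = false>
</CFIF>

<!--- Exactly one dot with text on both sides:
      rejects "..", ".pdf", "foo.pdf." and "a.b.pdf" --->
<CFIF variables.NameOk AND (ListLen(url.FileName, ".") NEQ 2
      OR Left(url.FileName, 1) IS "." OR Right(url.FileName, 1) IS "."
      OR Find("..", url.FileName) NEQ 0)>
  <CFSET variables.NameOk = false>
</CFIF>

<!--- The extension must be one this page is meant to serve --->
<CFIF variables.NameOk
      AND ListFindNoCase(variables.AllowedExt, ListLast(url.FileName, ".")) EQ 0>
  <CFSET variables.NameOk = false>
</CFIF>

<CFIF variables.NameOk>
  <CFSET variables.PushFile = variables.BaseDir & url.FileName>
  <CFIF FileExists(variables.PushFile)>
    <CFHEADER NAME="content-disposition" VALUE="attachment; filename=#url.FileName#">
    <CFCONTENT TYPE="application/unknown" FILE="#variables.PushFile#">
    <CFABORT>
  </CFIF>
</CFIF>

<!--- Rejected names and missing files get the same response --->
<CFHEADER STATUSCODE="404" STATUSTEXT="Not Found">
<HTML><HEAD><TITLE>File Not Found</TITLE></HEAD><BODY>
File Not Found
</BODY></HTML>
```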