And don't pass the filename/path from the user's browser to the application.  Otherwise I can download any file I want.  Store the file for download in the user's state.

-dhs


Dean H. Saxe, CEH

[EMAIL PROTECTED]

"I have always strenuously supported the right of every man to his own opinion, however different that opinion might be to mine. He who denies another this right makes a slave of himself to his present opinion, because he precludes himself the right of changing it." 

    -- Thomas Paine, 1783


Find out about my Hike for Discovery at www.fullfrontalnerdity.com/hfd




On May 9, 2006, at 12:25 PM, Dusty Hale wrote:

Yes now it is starting to come back to me. Many thanks.

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steven Ross
Sent: Monday, May 08, 2006 8:59 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] secure file download

 

Use cfcontent to serve the files and put them outside of the docroot of the webserver.

On 5/8/06, Dusty Hale <[EMAIL PROTECTED] > wrote:

Not sure if anyone has any advice on this, but I am building a site feature that allows users who are logged in to download MP3 files. I am storing MP3 records in an SQL Server database (title, description, and filename) and the actual MP3 files in their own folder. I want to make sure that users will not be able to shortcut to the MP3 files without being logged in. Any advice is greatly appreciated.

 

thx

 

Dusty

-------------------------------------------------------- * To unsubscribe from this list, manage your profile @ * * http://www.acfug.org?fa=login.edituserform * * * * For more info, see http://www.acfug.org/mailinglists * --------------------------------------------------------




--
Steven Ross
web application & interface developer
http://www.zerium.com
[phone] 404-488-4364
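An added example, not code from any poster in this thread: a download page that combines the two pieces of advice above, serving the file with cfcontent from a folder outside the docroot and never taking a filename or path from the browser. It resolves a numeric record id through the database rather than through session state. The datasource `musicDSN`, table `mp3s`, the `session.loggedIn` flag, the storage folder and session management being enabled are all assumptions.

```cfml
<!--- download.cfm: added example. Assumed names: datasource "musicDSN",
      table "mp3s" (columns id, filename), a session.loggedIn flag set at login,
      and a constructed storage folder that is NOT under the web root. --->
<cfset mp3Dir = "D:\private\mp3\">

<!--- 1. Require an authenticated session before touching any file. --->
<cfif NOT structKeyExists(session, "loggedIn") OR NOT session.loggedIn>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- 2. Accept only a numeric record id from the browser, never a name or path. --->
<cfparam name="url.id" default="">
<cfif NOT isValid("integer", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- 3. Resolve the id to a filename on the server side, with a bound parameter. --->
<cfquery name="qMp3" datasource="musicDSN">
    SELECT filename
    FROM mp3s
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfif qMp3.recordCount NEQ 1>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- 4. Drop any directory part from the stored name and confirm the file exists. --->
<cfset safeName = getFileFromPath(qMp3.filename)>
<cfset fullPath = mp3Dir & safeName>
<cfif NOT fileExists(fullPath)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- 5. Stream the file; the browser never learns the real path. --->
<cfheader name="Content-Disposition" value='attachment; filename="#safeName#"'>
<cfcontent type="audio/mpeg" file="#fullPath#" deletefile="no" reset="yes">
```

Links on the listing page then point at `download.cfm?id=...`, so a request made without a logged-in session gets a 403 and there is no direct URL to the MP3 folder.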