Dusty, is it consistent as to when the server cuts off the download? If you can replicate it and find out if that part is around the same time you may be able to track down some sort of timeout or keep alive setting that is getting cut off from the webserver side. Doesn't really make sense though.
How about when you serve a large file w/o using CF? I would start at the most simple scenario: 1. download a static file via the webserver 2. have coldfusion serve that static file (outside of your app) 3. have coldfusion serve that statc file inside your app That should at least lead you in the right direction (either its related to your app or not) -Steven On 8/8/07, Dusty Hale <[EMAIL PROTECTED]> wrote: > Yes I am validating everything but only sent a very small piece of the code. > There is additional code before it even gets that far that verify that the > user is logged in, who they are, what they have permission to, and that they > actually purchased the file as well as a "FileExists" check using the > #application.path_audio##url.donorid#.mp3. But they have to get through all > the other checks before the cfcontent even runs. Is that what you meant > validating? > > Hopefully this is secure enough for the balance of security decisions. > > On another note. Dean you are a cool guy. Even though I once left a negative > comment about one of your threads, you continue to respond to my issues with > good useful advice. I have thought long and hard about that comment I left > inspired by your disagreements with Robert (I think that was his name) and I > say here and now, I was wrong to leave that comment and officially retract > it. I think I was temporarily impaired by other problems going on and have > learned a big lesson from it. That is not to react emotionally to things of > that nature or issues which I might not be aware of all the details. I > officially apologize and hope you forgive me for it. > > Kindest regards, > > Dusty > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe > Sent: Wednesday, August 08, 2007 2:35 PM > To: discussion@acfug.org > Subject: Re: [ACFUG Discuss] strange issue with cfcontent > > FYI, your new code is subject to HTTP Response Splitting if you're not > validating the value of URL.donorid. > > http://en.wikipedia.org/wiki/Http_response_splitting > > -dhs > > > > Dean H. Saxe, CISSP, CEH > [EMAIL PROTECTED] > "Free speech exercised both individually and through a free press, is a > necessity in any country where people are themselves free." > -- Theodore Roosevelt, 1918 > > > On Aug 8, 2007, at 1:48 PM, Dusty Hale wrote: > > > I changed my code but the same thing happens. The download gets cut > > off (occasionally they work) or stuck. Tested on several computers > > behind different networks. Internet connectivity is pretty much > > officially ruled out ... > > > > The behavior is like the download gets stuck at 1.something mb for a > > 5.22mb file. After some time the download closes like it is complete > > (automatically) and we end up with an incomplete audio file. So > > strange ... > > I wonder if it could be a "RequestTimeOut" thing or something. > > > > This is the code I'm now using (changed per feedback I received). > > Notice the > > content-disposition is now "attachment" and the mime type is set to > > "audio/mpeg". Didn't seem to help. > > > > <cftry> > > <CFHEADER NAME="Content-Disposition" VALUE="attachment; > > filename=audio_#url.donorid#.mp3"> > > <cfcontent file="#application.path_audio##url.donorid#.mp3" > > type="audio/mpeg"> > > <cfcatch> > > <span style="color: red">There was a problem > downloading the file. > > The file name may be missing from the server. Please > > alert the website administrator.</span> > > <cfabort> > > </cfcatch> > > </cftry> > > > > Any thought as to possible reasons the downloads are getting cut off > > would be greatly appreciated. > > > > D > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven > > Ross > > Sent: Wednesday, August 08, 2007 1:02 PM > > To: discussion@acfug.org > > Subject: Re: [ACFUG Discuss] strange issue with cfcontent > > > > cfcontent is designed to do exactly what you are doing. If you are > > seeing it cut off the download that is definately unexpected. I would > > definately try changing the content disposition to attachment. > > > > > > On 8/8/07, Dusty Hale <[EMAIL PROTECTED]> wrote: > >> Also could it be that cfcontent is not such a good approach for doing > >> what I described. Basically keeping the files out of the webroot for > >> security. Is there another better approach. Maybe create a process > >> that temporarily creates a folder and copy of the file for a normal > >> direct link to download and then wipe it off after a time. That was > >> just a > > quick thought. > >> > >> Dusty > >> > >> -----Original Message----- > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven > >> Ross > >> Sent: Wednesday, August 08, 2007 12:46 PM > >> To: discussion@acfug.org > >> Subject: Re: [ACFUG Discuss] strange issue with cfcontent > >> > >> doh, shoulda caught that... there still may be issues with it > >> depending on the users browser settings. We have seen quicktime do > >> some funky stuff with forcing the playing of an mp3 in the browser > >> instead of downloading the file. > >> > >> On 8/8/07, Justin Haygood <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> Normally.. using "attachment" instead of "inline" in the > >>> Content-Disposition header. > >>> > >>> > >>> > >>> > >>> > >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dusty > >>> Hale > >>> Sent: Wednesday, August 08, 2007 12:31 PM > >>> To: discussion@acfug.org > >>> Subject: [ACFUG Discuss] strange issue with cfcontent > >>> > >>> > >>> > >>> > >>> > >>> I've recently run into a rather strange issue with the use of > >>> cfcontent (I think). Here is a description of what is happening: > >>> > >>> > >>> > >>> > >>> > >>> 1. cfcontent is used to serve downloadable audio and video files > >>> that reside outside of the webroot. This of course is for security > >>> reasons being that the users have to purchase the files. A common > >>> technique I've used successfully in the past. > >>> > >>> > >>> > >>> > >>> > >>> 2. The files being downloaded don't seem to always come through > >>> complete and it's almost like the download is being cut off for some > >>> reason. Sometimes it works, sometime it doesn't. > >>> > >>> > >>> > >>> > >>> > >>> 3. It almost seems like client connectivity issues and I was > >>> convinced of that until it started happening to me when testing and > >>> now user's of the site report the same thing including the "client" > >>> (not client machine but my client). > >>> > >>> > >>> > >>> > >>> > >>> 4. I used Adobe connect this morning to share screens with my client > >>> this morning so I see hands on the problem on their computer and saw > >>> something else really strange. She was clicking to download the > >>> file, the file open in Windows Media rather than a normal download > >>> (I assume this was set up as her default player for mp3 files). I > >>> asked her to right click and choose "Save Target As" to ensure she > >>> was actually > >> downloading it and not streaming it. > >>> This always works fine for me but when she does that, it then > >>> downloads the .cfm file rather than the mp3 file (I can't reproduce > >>> that > >> on my machine). > >>> She is using Windows 2000 OS. > >>> > >>> > >>> > >>> > >>> > >>> 5. The site is hosted on a shared server at HostMySite.com. HMS > >>> support seemed to think the server it was on maybe was low on cf > >>> resources and that cfcontent was putting together bad files for > >>> downloads. Again sometime the downloads work fine, sometimes they > >>> don't. We moved the site to a different server they said had plenty > >>> of CF resources. However, this did not solve the problem and it > >>> continues to happen on the new server > >>> > >>> > >>> > >>> > >>> > >>> I've now spent several days troubleshooting and am getting nowhere > >>> :(. > >>> If someone has any insight as to why this might be happening, please > >>> share. I think some discussions on the use of cfcontent for secure > >>> downloads is probably a good topic for discussion anyway. Proper > >>> ways to successfully do it? > >>> > >>> > >>> > >>> > >>> > >>> Last but not least here is a code example from my app: > >>> > >>> > >>> > >>> > >>> > >>> <cftry> > >>> <CFHEADER NAME="Content-Disposition" VALUE="inline; > >>> filename=audio_#url.donorid#.mp3"> > >>> <cfcontent > >>> file="#application.path_audio##url.donorid#.mp3" > >>> type="application/unknown"> > >>> <cfcatch> > >>> <span style="color: red">There was a problem downloading the > >>> file. > >>> The file name may be missing from the server. Please alert the > >>> website administrator.</span> > >>> <cfabort> > >>> </cfcatch> > >>> </cftry> > >>> > >>> > >>> > >>> > >>> > >>> Also one other thing. Is there a way to use cfcontent so that it > >>> forces an audio or video file to actually download to a selected > >>> location. When user's default media players are set up for mp3, it > >>> generally just opens the file and starts playing. I want to somehow > >>> ensure that the file is fully downloaded to a selected area (that > >>> the user selects) before they start playing it and getting confused. > >>> In other > >> words, a "normal download" file. > >>> Hope that doesn't seem confusing. > >>> > >>> > >>> > >>> > >>> > >>> I greatly look forward to discussing and/or hearing any feedback on > >>> the issue. > >>> > >>> > >>> > >>> > >>> > >>> Regards to everyone, > >>> > >>> > >>> > >>> > >>> > >>> Dusty > >>> > >>> > >>> > >>> > >>> > >>> ------------------------------------------------------------- > >>> Annual Sponsor - Figleaf Software > >>> > >>> To unsubscribe from this list, manage your profile @ > >>> http://www.acfug.org?fa=login.edituserform > >>> > >>> For more info, see http://www.acfug.org/mailinglists Archive @ > >>> http://www.mail-archive.com/discussion%40acfug.org/ > >>> List hosted by FusionLink > >>> ------------------------------------------------------------- > >>> > >>> ------------------------------------------------------------- > >>> Annual Sponsor - Figleaf Software > >>> > >>> To unsubscribe from this list, manage your profile @ > >>> http://www.acfug.org?fa=login.edituserform > >>> > >>> For more info, see http://www.acfug.org/mailinglists Archive @ > >>> http://www.mail-archive.com/discussion%40acfug.org/ > >>> List hosted by FusionLink > >>> ------------------------------------------------------------- > >> > >> > >> -- > >> Steven Ross > >> web application & interface developer http://www.zerium.com [mobile] > >> 404-488-4364 [fax] 267-482-4364 > >> > >> > >> ------------------------------------------------------------- > >> Annual Sponsor FigLeaf Software - http://www.figleaf.com > >> > >> To unsubscribe from this list, manage your profile @ > >> http://www.acfug.org?fa=login.edituserform > >> > >> For more info, see http://www.acfug.org/mailinglists Archive @ > >> http://www.mail-archive.com/discussion%40acfug.org/ > >> List hosted by http://www.fusionlink.com > >> ------------------------------------------------------------- > >> > >> > >> > >> > >> > >> > >> ------------------------------------------------------------- > >> Annual Sponsor FigLeaf Software - http://www.figleaf.com > >> > >> To unsubscribe from this list, manage your profile @ > >> http://www.acfug.org?fa=login.edituserform > >> > >> For more info, see http://www.acfug.org/mailinglists Archive @ > >> http://www.mail-archive.com/discussion%40acfug.org/ > >> List hosted by http://www.fusionlink.com > >> ------------------------------------------------------------- > >> > >> > >> > >> > > > > > > -- > > Steven Ross > > web application & interface developer > > http://www.zerium.com > > [mobile] 404-488-4364 > > [fax] 267-482-4364 > > > > > > ------------------------------------------------------------- > > Annual Sponsor FigLeaf Software - http://www.figleaf.com > > > > To unsubscribe from this list, manage your profile @ > > http://www.acfug.org?fa=login.edituserform > > > > For more info, see http://www.acfug.org/mailinglists Archive @ > > http://www.mail-archive.com/discussion%40acfug.org/ > > List hosted by http://www.fusionlink.com > > ------------------------------------------------------------- > > > > > > > > > > > > > > ------------------------------------------------------------- > > Annual Sponsor FigLeaf Software - http://www.figleaf.com > > > > To unsubscribe from this list, manage your profile @ > > http://www.acfug.org?fa=login.edituserform > > > > For more info, see http://www.acfug.org/mailinglists Archive @ > > http://www.mail-archive.com/discussion%40acfug.org/ > > List hosted by http://www.fusionlink.com > > ------------------------------------------------------------- > > > > > > > > > > ------------------------------------------------------------- > Annual Sponsor FigLeaf Software - http://www.figleaf.com > > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists Archive @ > http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > ------------------------------------------------------------- > > > > > > > ------------------------------------------------------------- > Annual Sponsor FigLeaf Software - http://www.figleaf.com > > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > ------------------------------------------------------------- > > > > -- Steven Ross web application & interface developer http://www.zerium.com [mobile] 404-488-4364 [fax] 267-482-4364 ------------------------------------------------------------- Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
