Re: Preventing file download.

2000-04-13 Thread Xing Li

Guy,

Move the CAD files out of the web folder and use CFCONTENT to push the cad
files. The CFCONTENT script will be programmed to accept and validate an
encrypted phrase passed by the calling file (applet).

Now here is the worse part. The key used to validate and encode (CFENCRYPT)
the phrase must change every time you push any CAD file. This means that the
second your Java applet downloads the CAD file, the encrypted phrase will be
outdated and invalid for later use.

One way to do this is to store the key for each use in a Session variable.

On applet code generating script:

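<cfoutput>
<applet>
<!--- Encrypt() is the CFML function; URLEncodedFormat() keeps the ciphertext URL-safe --->
<param name="cadfile" value="secureCADpush.cfm?password=#URLEncodedFormat(Encrypt("Make it work", Session.DynamicKey))#">
</applet>
</cfoutput>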


On push script:

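<!--- make sure the decryption works (Decrypt() is the CFML function) --->
<CFTRY>
<CFIF Decrypt(url.Password, Session.DynamicKey) EQ "Make it work">

<!--- create a new key and invalidate all previous encrypted phrases --->
<CFSET Session.DynamicKey = Now()>

<!--- push file; TYPE and FILE are placeholders for the CAD file kept outside the web folder --->
<CFCONTENT TYPE="application/octet-stream" FILE="(path to the CAD file)">

</CFIF>
<!--- output error or do nothing --->
<CFCATCH Type="ANY">
PUSH denied.
</CFCATCH>
</CFTRY>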

I think this should work. However, the user might be smart enough to figure
out the scheme and stop the web browser right before the java code is
executed. Thus, the push never happens and by looking at the source code and
grabbing the url, the person will be able to download the file.

The Java applet is executed on the client side so there is no way to
distinguish the applet request for the file as compared to the browser
request. Or is there? Not sure about this.

You can also beef up the security by only allowing cfcontent push when
HTTP_REFERER exists and the domain is from your site.

Xing

fanfiction.net

 

--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
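
The single-use scheme described in the message above, sketched as an added example (not code from the original post). It swaps the encrypted fixed phrase for a per-page token kept in the session; the names viewer.cfm, CadViewer.class, Session.CadToken and cadFilePath are assumptions, and CreateUUID() stands in for whatever token generator the site uses.

```cfml
<!--- viewer.cfm (hypothetical name): issue a fresh token each time the applet page is rendered --->
<cflock scope="session" type="exclusive" timeout="5">
  <cfset Session.CadToken = CreateUUID()>
</cflock>
<cfoutput>
<applet code="CadViewer.class" width="600" height="400">
  <param name="cadfile"
         value="secureCADpush.cfm?token=#URLEncodedFormat(Session.CadToken)#">
</applet>
</cfoutput>

<!--- secureCADpush.cfm: accept the token once, then serve the file from outside the web folder --->
<cfparam name="url.token" default="">
<!--- hypothetical location; the CAD files are not under the document root --->
<cfset cadFilePath = "D:\cad-store\drawing1.dwg">
<cfset allowed = false>

<!--- check and consume inside one exclusive lock so two parallel requests cannot both pass --->
<cflock scope="session" type="exclusive" timeout="5">
  <cfif StructKeyExists(Session, "CadToken")
        AND Len(url.token)
        AND Compare(url.token, Session.CadToken) EQ 0>
    <cfset allowed = true>
    <!--- invalidate before sending, so a copied URL fails on replay --->
    <cfset StructDelete(Session, "CadToken")>
  </cfif>
</cflock>

<cfif NOT allowed>
  <cfheader statuscode="403" statustext="Forbidden">
  PUSH denied.
  <cfabort>
</cfif>

<!--- keep the response out of browser and proxy caches --->
<cfheader name="Cache-Control" value="no-store">
<cfcontent type="application/octet-stream" file="#cadFilePath#" deletefile="no">
```

The token is honoured for whichever request presents it first, so this blocks reuse of a copied URL but not the case raised in the message where the user stops the page before the applet makes its request.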



Preventing file download.

2000-04-12 Thread Guy Walker

Building an application that uses a cad file viewer that is a java applet.
The viewer loads a cad file from the document root on the web server and
displays it in a browser.

The problem I have is that a user can view the source for the web page, get
the URL to the cad file and download the cad file to his local system.

I am looking for a way to allow the viewer to see the cad file but prevent a
user from downloading it. I am thinking of a component sitting in the
document root of the web server that could relay the file to the java
applet. Anyone found a solution for this or have any ideas?

TIA

Guy





RE: Preventing file download.

2000-04-12 Thread Parker, Kevin

We've got our data sitting on our CF server, you can't see the directory it's
in or the file in it but we can FTP to it and it can be accessed by CF
templates. We just got the ISP to fiddle some things their end. No smoke and
mirrors.


Kevin Parker
Service and Communication
WorkCover Corporation
