Re: How to protect PDF documents from direct access
Is there some easy way to protect PDF (and perhaps other kinds of documents) from sideaways access? In other words, after building login pages, protecting html/cfm pages from direct access, etc.; someone can still directly access a document with a direct URL, like www.xxx.com/.pdf You can remove them from web-accessible directories and (a) serve them with CFCONTENT, or (b) create a temporary symlink of some sort using CFEXECUTE. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:03 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How to protect PDF documents from direct access
Keep them off the webroot, and then serve them up with cfcontent or apache mod_xsendfile Mark On Tue, May 4, 2010 at 8:57 AM, col...@uci.edu col...@uci.edu col...@uci.edu wrote: Is there some easy way to protect PDF (and perhaps other kinds of documents) from sideaways access? In other words, after building login pages, protecting html/cfm pages from direct access, etc.; someone can still directly access a document with a direct URL, like www.xxx.com/.pdf Any quick and easy ideas appreciated. Rick. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:04 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: How to protect PDF documents from direct access
Store them outside your web root and serve them up with cfcontent. Just remember a CF thread is used for the duration of the download. ~Brad Original Message Subject: How to protect PDF documents from direct access From: col...@uci.edu col...@uci.edu col...@uci.edu Date: Mon, May 03, 2010 5:57 pm To: cf-talk cf-talk@houseoffusion.com Is there some easy way to protect PDF (and perhaps other kinds of documents) from sideaways access? In other words, after building login pages, protecting html/cfm pages from direct access, etc.; someone can still directly access a document with a direct URL, like www.xxx.com/.pdf Any quick and easy ideas appreciated. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:05 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How to protect PDF documents from direct access
I am on a shared host, so moving outside the web directories is not practical. On 5/3/2010 4:09 PM, Dave Watts wrote: Is there some easy way to protect PDF (and perhaps other kinds of documents) from sideaways access? In other words, after building login pages, protecting html/cfm pages from direct access, etc.; someone can still directly access a document with a direct URL, like www.xxx.com/.pdf You can remove them from web-accessible directories and (a) serve them with CFCONTENT, or (b) create a temporary symlink of some sort using CFEXECUTE. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:11 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How to protect PDF documents from direct access
Rename them with a .cfm extension - put a Application.cfm in the root of the dir with a cfabort in it. Then push them out through cfcontent and using HTTP Headers tell the browser the name of the file without the .cfm extension. Mark On Tue, May 4, 2010 at 12:53 PM, Rick Colman rcol...@cox.net wrote: I am on a shared host, so moving outside the web directories is not practical. On 5/3/2010 4:09 PM, Dave Watts wrote: Is there some easy way to protect PDF (and perhaps other kinds of documents) from sideaways access? In other words, after building login pages, protecting html/cfm pages from direct access, etc.; someone can still directly access a document with a direct URL, like www.xxx.com/.pdf You can remove them from web-accessible directories and (a) serve them with CFCONTENT, or (b) create a temporary symlink of some sort using CFEXECUTE. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:12 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How to protect PDF documents from direct access
...or I could also say ;o) get off a shared host. Mark On Tue, May 4, 2010 at 1:00 PM, Mark Mandel mark.man...@gmail.com wrote: Rename them with a .cfm extension - put a Application.cfm in the root of the dir with a cfabort in it. Then push them out through cfcontent and using HTTP Headers tell the browser the name of the file without the .cfm extension. Mark On Tue, May 4, 2010 at 12:53 PM, Rick Colman rcol...@cox.net wrote: I am on a shared host, so moving outside the web directories is not practical. On 5/3/2010 4:09 PM, Dave Watts wrote: Is there some easy way to protect PDF (and perhaps other kinds of documents) from sideaways access? In other words, after building login pages, protecting html/cfm pages from direct access, etc.; someone can still directly access a document with a direct URL, like www.xxx.com/.pdf You can remove them from web-accessible directories and (a) serve them with CFCONTENT, or (b) create a temporary symlink of some sort using CFEXECUTE. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:13 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How to protect PDF documents from direct access [spamtrap bayes][spamtrap heur]
On 5/4/2010 10:01 AM, Mark Mandel wrote: ...or I could also say ;o) get off a shared host. actually a decent shared host should provide a dir w/your web root under that. i mean where would people put their access databases ;-) ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:14 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm