Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma

[Tommy Geist]

We use the cfcontent tag as well.  We have our
documents stored in binary in the database so we just
run a query to pull the data out and then use the
cfcontent tag :




--- Mike Staver <[EMAIL PROTECTED]> wrote:

> Another thought I had is why not use the cfcontent
> tag? I tend to use 
> that tag when I want to obscure file paths from
> users while displaying 
> things like pdfs.  You could open a new window and
> always have it use 
> the same cfm file while passing a variable into it
> via a url or 
> something so it opens a file with a specific ID of
> some kind - maybe you 
> could have a table with the filenames and matching
> ids you could pass in 
> the url.  Just a suggestion.
> 
> Darin Kohles wrote:
> > You definately do NOT want to include the absolute
> path 'C:/' - use
> > relative paths, or if you absolutely want to give
> the full URL, then
> > use the format 'http://yourdomain.com/' - as the
> file(s) will have to
> > be located relative to your web root.
> >
> > On Thu, Feb 21, 2008 at 9:49 PM, Peyton Todd
> <[EMAIL PROTECTED]> wrote:
> >   
> >> This one ought to be easy for someone who knows
> how. I want to load a pdf into a web page child
> window. When I put the pdf on the website's
> directory, the following code (where the function is
> passed a job number naming the pdf) works without a
> hitch:
> >>
> >>  function ScannedStyle(jn){
> >>jn = jn + '.pdf';
> >>   
>
win=window.open(jn,'Style','width=800,height=500,resizable=yes');
> >>win.focus();
> >>win.moveTo(50,50);
> >>}
> >>
> >>  However, in the real life situation, there will
> be thousands of pdf's, located on an arbitrary
> directory elsewhere on the server. The following
> does not work:
> >>
> >>  function ScannedStyle(jn){
> >>subdir = jn.substr(0,3); //subdirectories are
> first 3 digits of each jobno
> >>dir = 'c:/ScannedStyles/' + subdir + '/';
> >>jn = dir + jn + '.pdf';
> >>alert(jn); //this says e.g.
> 'c:/ScannedStyles/513/51310.pdf' just as it should
> >>   
>
win=window.open(jn,'Style','width=800,height=500,resizable=yes');
> >>win.focus();
> >>win.moveTo(50,50);
> >>}
> >>
> >>  Firefox objects, saying 'Firefox doesn't know
> how to open the address because the protocol (c)
> isn't associated with any program'.
> >>
> >>  Since it appears to be taking the 'c' drive
> designation as the name of a protocol, that suggests
> that I need to specify one. However, the following
> also does not work:
> >>
> >>  function ScannedStyle(jn){
> >>subdir = jn.substr(0,3); //subdirectories are
> first 3 digits of each jobno
> >>dir = 'file://c:/ScannedStyles/' + subdir +
> '/';
> >>jn = dir + jn + '.pdf';
> >>   
>
win=window.open(jn,'Style','width=800,height=500,resizable=yes');
> >>win.focus();
> >>win.moveTo(50,50);
> >>}
> >>
> >>
> >>  What should I be doing?
> >>
> >>  Thanks for your help,
> >>
> >>  Peyton
> >>
> >>
> >>
> >>
> >>
> >>
> >> 
>
-
> >>  Annual Sponsor FigLeaf Software -
> http://www.figleaf.com
> >>
> >>  To unsubscribe from this list, manage your
> profile @
> >>  http://www.acfug.org?fa=login.edituserform
> >>
> >>  For more info, see
> http://www.acfug.org/mailinglists
> >>  Archive @
> http://www.mail-archive.com/discussion%40acfug.org/
> >>  List hosted by http://www.fusionlink.com
> >> 
>
-
> >>
> >>
> >>
> >>
> >> 
> >
> >
> >
>
-
> > Annual Sponsor FigLeaf Software -
> http://www.figleaf.com
> >
> > To unsubscribe from this list, manage your profile
> @ 
> > http://www.acfug.org?fa=login.edituserform
> >
> > For more info, see
> http://www.acfug.org/mailinglists
> > Archive @
> http://www.mail-archive.com/discussion%40acfug.org/
> > List hosted by http://www.fusionlink.com
> >
>
-
> >
> >
> >   
> 
> 
>
-
> Annual Sponsor FigLeaf Software -
> http://www.figleaf.com
> 
> To unsubscribe from this list, manage your profile @
> 
> http://www.acfug.org?fa=login.edituserform
> 
> For more info, see http://www.acfug.org/mailinglists
> Archive @
> http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by http://www.fusionlink.com
>
-
> 
> 
> 
> 



  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 



-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://w

Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma

[Howard Fore]

On 2/21/08, Darin Kohles <[EMAIL PROTECTED]> wrote:
>
> if you absolutely want to give the full URL, then
> use the format 'http://yourdomain.com/' - as the file(s) will have to
> be located relative to your web root.
>

Yep. This is the method I've followed in the past. I've found that there are
a lot of pitfalls with the cfcontent and cfheader in getting cross-browser
acceptability of various document types using MIME types, particularly when
you get into the issue of wanting the downloaded file to have a specific
file name. Your Mileage May Vary. So the process I've followed is to write
the file to disk in an internet accessible location (ie, somewhere in your
webroot), then send the browser a page that has a javascript function that
sets the location.href to that file.


-- 
Howard Fore, [EMAIL PROTECTED]
"The universe tends toward maximum irony. Don't push it." - Jeff Atwood



-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma

[Dean H. Saxe]

How do you then control unauthorized access to the file?  How do you  
know when to delete the file?


-dhs


Dean H. Saxe, CISSP,  CEH
[EMAIL PROTECTED]
"[T]he people can always be brought to the bidding of the leaders.  
This is easy. All you have to do is to tell them they are being  
attacked, and denounce the pacifists for lack of patriotism and  
exposing the country to danger. It works the same in every country."

--Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials



On Feb 22, 2008, at 8:41 AM, Howard Fore wrote:


On 2/21/08, Darin Kohles <[EMAIL PROTECTED]> wrote:
if you absolutely want to give the full URL, then
use the format 'http://yourdomain.com/' - as the file(s) will have to
be located relative to your web root.

Yep. This is the method I've followed in the past. I've found that  
there are a lot of pitfalls with the cfcontent and cfheader in  
getting cross-browser acceptability of various document types using  
MIME types, particularly when you get into the issue of wanting the  
downloaded file to have a specific file name. Your Mileage May Vary.  
So the process I've followed is to write the file to disk in an  
internet accessible location (ie, somewhere in your webroot), then  
send the browser a page that has a javascript function that sets the  
location.href to that file.



--
Howard Fore, [EMAIL PROTECTED]
"The universe tends toward maximum irony. Don't push it." - Jeff  
Atwood

-
Annual Sponsor - Figleaf Software

To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-

Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma

[Steven Ross]

The only problems I have ever seen with cfcontent and setting the doc type
is that people get confused that things just "open" however, they forget
that they actually told their browser to do this at some point when they
installed software. So i usually end up sending pdf's or whatever and
forcing the download by setting the content type to application/octet-stream
and it forces the download box. Not very elegant but it works.

On Fri, Feb 22, 2008 at 8:41 AM, Howard Fore <[EMAIL PROTECTED]> wrote:

> On 2/21/08, Darin Kohles <[EMAIL PROTECTED]> wrote:
> >
> > if you absolutely want to give the full URL, then
> > use the format 'http://yourdomain.com/' - as the file(s) will have to
> > be located relative to your web root.
> >
>
> Yep. This is the method I've followed in the past. I've found that there
> are a lot of pitfalls with the cfcontent and cfheader in getting
> cross-browser acceptability of various document types using MIME types,
> particularly when you get into the issue of wanting the downloaded file to
> have a specific file name. Your Mileage May Vary. So the process I've
> followed is to write the file to disk in an internet accessible location
> (ie, somewhere in your webroot), then send the browser a page that has a
> javascript function that sets the location.href to that file.
>
>
> --
> Howard Fore, [EMAIL PROTECTED]
> "The universe tends toward maximum irony. Don't push it." - Jeff Atwood
> -
> Annual Sponsor - Figleaf Software 
>
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by FusionLink 
> -




-- 
Steven Ross
web application & interface developer
http://blog.stevensross.com
[mobile] 404-488-4364 [fax] 267-482-4364
[ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ]



-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma

[Howard Fore]

Well sure, you have to balance those concerns, it depends on the sensitivity
of your output. If  you need to control access to the files, assuming you
had an authenticated user system, you could have an output directory per
user or group and authenticate the user's access to that directory in
application.cfm (off the top of my head). As for deleting the file, use a
scheduled job to clean out files with old dates.

On 2/22/08, Dean H. Saxe <[EMAIL PROTECTED]> wrote:
>
> How do you then control unauthorized access to the file?  How do you know
> when to delete the file?
> -dhs
>
>
> Dean H. Saxe, CISSP,  CEH
> [EMAIL PROTECTED]
> "[T]he people can always be brought to the bidding of the leaders. This is
> easy. All you have to do is to tell them they are being attacked, and
> denounce the pacifists for lack of patriotism and exposing the country to
> danger. It works the same in every country."
> --Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials
>
>
>
> On Feb 22, 2008, at 8:41 AM, Howard Fore wrote:
>
> On 2/21/08, Darin Kohles <[EMAIL PROTECTED]> wrote:
> >
> > if you absolutely want to give the full URL, then
> > use the format 'http://yourdomain.com/' - as the file(s) will have to
> > be located relative to your web root.
> >
>
> Yep. This is the method I've followed in the past. I've found that there
> are a lot of pitfalls with the cfcontent and cfheader in getting
> cross-browser acceptability of various document types using MIME types,
> particularly when you get into the issue of wanting the downloaded file to
> have a specific file name. Your Mileage May Vary. So the process I've
> followed is to write the file to disk in an internet accessible location
> (ie, somewhere in your webroot), then send the browser a page that has a
> javascript function that sets the location.href to that file.
>
>
> --
> Howard Fore, [EMAIL PROTECTED]
> "The universe tends toward maximum irony. Don't push it." - Jeff Atwood
> -
> Annual Sponsor - Figleaf Software 
>
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by FusionLink 
> -
>
>
>


-- 
Howard Fore, [EMAIL PROTECTED]
"The universe tends toward maximum irony. Don't push it." - Jeff Atwood



-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma

[Darin Kohles]

In regards unauthorized access, one work-around that I've built in the
past was the following: In a typical CMS, most managed file content is
abstracted into an ID based folder and file structure; these ID's are
stored in the database along with a "friendly" name. When a user wants
access to the file and desires that then name not be 100327.pdf but
instead be more like 2007_Golfball_Inventory.pdf, I simply duplicate
the file to a known fixed location with the name change applied (no
worries about cfcontent or mimetypes). Then either at the request or
session level or in most cases as a CF Scheduled Task I purge the
transfer location after the file has been served. That way if someone
were to bookmark the file path, it would no longer be available (after
a set interval) unless they accessed via the original method.

Darin Kohles


-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma

[Steven Ross]

yikes what about this?


On Fri, Feb 22, 2008 at 5:05 PM, Darin Kohles <[EMAIL PROTECTED]> wrote:

> In regards unauthorized access, one work-around that I've built in the
> past was the following: In a typical CMS, most managed file content is
> abstracted into an ID based folder and file structure; these ID's are
> stored in the database along with a "friendly" name. When a user wants
> access to the file and desires that then name not be 100327.pdf but
> instead be more like 2007_Golfball_Inventory.pdf, I simply duplicate
> the file to a known fixed location with the name change applied (no
> worries about cfcontent or mimetypes). Then either at the request or
> session level or in most cases as a CF Scheduled Task I purge the
> transfer location after the file has been served. That way if someone
> were to bookmark the file path, it would no longer be available (after
> a set interval) unless they accessed via the original method.
>
> Darin Kohles
>
>
> -
> Annual Sponsor FigLeaf Software - http://www.figleaf.com
>
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by http://www.fusionlink.com
> -
>
>
>
>


-- 
Steven Ross
web application & interface developer
http://blog.stevensross.com
[mobile] 404-488-4364 [fax] 267-482-4364
[ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ]



-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma

[Peyton Todd]

Thanks everyone, that worked beautifully. To wit:

function ScannedStyle(jn){
   subdir = jn.substr(0,3);
   fullpath = 'c:/ScannedStyles/' + subdir + '/' + jn + '.pdf';
   showpdf = 'ShowPDF.cfm?thepdf=' + fullpath;
   win=window.open(showpdf,'Style','width=800,height=500,resizable=yes');   
   win.focus();
   win.moveTo(50,50);
   }

where ShowPDF.cfm consists of the single line:



Later I plan to add error trapping for when the file's not there...

Peyton

-Original Message-
>From: Mike Staver <[EMAIL PROTECTED]>
>Sent: Feb 22, 2008 12:01 AM
>To: discussion@acfug.org
>Subject: Re: [ACFUG Discuss] Newbie's Next Daunting Dilemma
>
>Another thought I had is why not use the cfcontent tag? I tend to use 
>that tag when I want to obscure file paths from users while displaying 
>things like pdfs.  You could open a new window and always have it use 
>the same cfm file while passing a variable into it via a url or 
>something so it opens a file with a specific ID of some kind - maybe you 
>could have a table with the filenames and matching ids you could pass in 
>the url.  Just a suggestion.
>
>Darin Kohles wrote:
>> You definately do NOT want to include the absolute path 'C:/' - use
>> relative paths, or if you absolutely want to give the full URL, then
>> use the format 'http://yourdomain.com/' - as the file(s) will have to
>> be located relative to your web root.
>>
>> On Thu, Feb 21, 2008 at 9:49 PM, Peyton Todd <[EMAIL PROTECTED]> wrote:
>>   
>>> This one ought to be easy for someone who knows how. I want to load a pdf 
>>> into a web page child window. When I put the pdf on the website's 
>>> directory, the following code (where the function is passed a job number 
>>> naming the pdf) works without a hitch:
>>>
>>>  function ScannedStyle(jn){
>>>jn = jn + '.pdf';
>>>win=window.open(jn,'Style','width=800,height=500,resizable=yes');
>>>win.focus();
>>>win.moveTo(50,50);
>>>}
>>>
>>>  However, in the real life situation, there will be thousands of pdf's, 
>>> located on an arbitrary directory elsewhere on the server. The following 
>>> does not work:
>>>
>>>  function ScannedStyle(jn){
>>>subdir = jn.substr(0,3); //subdirectories are first 3 digits of each 
>>> jobno
>>>dir = 'c:/ScannedStyles/' + subdir + '/';
>>>jn = dir + jn + '.pdf';
>>>alert(jn); //this says e.g. 'c:/ScannedStyles/513/51310.pdf' just as it 
>>> should
>>>win=window.open(jn,'Style','width=800,height=500,resizable=yes');
>>>win.focus();
>>>win.moveTo(50,50);
>>>}
>>>
>>>  Firefox objects, saying 'Firefox doesn't know how to open the address 
>>> because the protocol (c) isn't associated with any program'.
>>>
>>>  Since it appears to be taking the 'c' drive designation as the name of a 
>>> protocol, that suggests that I need to specify one. However, the following 
>>> also does not work:
>>>
>>>  function ScannedStyle(jn){
>>>subdir = jn.substr(0,3); //subdirectories are first 3 digits of each 
>>> jobno
>>>dir = 'file://c:/ScannedStyles/' + subdir + '/';
>>>jn = dir + jn + '.pdf';
>>>win=window.open(jn,'Style','width=800,height=500,resizable=yes');
>>>win.focus();
>>>win.moveTo(50,50);
>>>}
>>>
>>>
>>>  What should I be doing?
>>>
>>>  Thanks for your help,
>>>
>>>  Peyton
>>>
>>>
>>>
>>>
>>>
>>>
>>>  -
>>>  Annual Sponsor FigLeaf Software - http://www.figleaf.com
>>>
>>>  To unsubscribe from this list, manage your profile @
>>>  http://www.acfug.org?fa=login.edituserform
>>>
>>>  For more info, see http://www.acfug.org/mailinglists
>>>  Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>>>  List hosted by http://www.fusionlink.com
>>>  -
>>>
>>>
>>>
>>>
>>> 
>>
>>
>> -
>> Annual Sponsor FigLeaf Software - http://www.figleaf.com
>>
>> To unsubscribe from this list, manage your profile @ 
>> http://www.acfug.org?fa=login.edituserform
>>
>> For more info, see http://www.acfug.org/mailinglists
>> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>> List hosted by http://www.fusionlink.com
>> -
>>
>>
>>   
>
>
>-
>Annual Sponsor FigLeaf Software - http://www.figleaf.com
>
>To unsubscribe from this list, manage your profile @ 
>http://www.acfug.org?fa=login.edituserform
>
>For more info, see http://www.acfug.org/mailinglists
>Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>List hosted by http://www.fusionlink.com
>-
>
>
>



-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, s