I put stuff like that on S3, with read access denied. When someone
wants to view the resource, they're sent to a proxy page (written in
CF or whatever) that will build a signed URL that will allow them read
access to the resource for a period of time (a few minutes, a couple
hours, whatever is ap
Typically, the best way to secure downloadables is to have them stored above
the web root, thus not being directly accessible by the browser. Then when
an authnticated user wants to download one, you provide it to them
progrmatically
Here is a rough example
Click To Download
download.cfm
-
> them. If a users knew the link to the file:
> http://www.mysite.com/pdfs/sample.pdf they could
> still get to it in the browser without signing in.
> Is there any way outside of windows authentication
> at the directory level to prevent this? What
> is the standard way of dealing with this (i
One thing you could do is write a CF page to retrieve the files for the
user. That way, they wouldnt know the actual location of the file on the
file system. You would then make sure they were logged in before letting
them retrieve the file.
Dave
On Tue, Jul 28, 2009 at 2:11 PM, Scott Mulholland
I imagine this is a common issue :
Let's say you have bunch of PDFs in a directory: /pdfs and the links to the
files in the site are behind a login so non-registered users cannot access
them. If a users knew the link to the file:
http://www.mysite.com/pdfs/sample.pdf they could still get to
5 matches
Mail list logo
