[thelist] Hiding file location

Pete Freitag pf at cfdev.com
Fri Sep 7 14:15:02 CDT 2001

If you are reading the file from your server side code, you can send back
the file dynamically, so it looks like the file is coming from
dynamicFile.cfm a server side page.  The file you are sending DOES NOT need
to be under the web server root, so you don't have to worry about people
guessing the file name.

Its very easy to do this in ColdFusion, you just use the CFCONTENT tag.
What language are you using?

Pete Freitag (pfreitag at cfdev.com)
ColdFusion Developer Resources

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Herrick, Emma
Sent: Friday, September 07, 2001 3:01 PM
To: thelist at lists.evolt.org
Subject: RE: [thelist] Hiding file location

Thanks Anthony.

Directory browsing is off, I just didn't want people to even be able to
guess the name of another file and download.

On looking through a PHP Q/A a few minutes ago someone suggested
authenticating the user, then creating a new, randomly-named folder, copying
the file they're allowed to access to it from a secure folder with the
fileobject system, and then deleting the folder at some future point.

What do you think of that method?


>One way would be to make sure that directory browsing is turned off.
>What we do currenty is do a binary read of the file via ASP
>then tell the
>browser via HTTP Headers that a PDF files is coming and
>"write" the file to
>the browser. You can then load up the download script with
>and such to control access to the files.
>Anthony Baratta
>Keyboard Jockeys
>"Conformity is the refuge of the unimaginative."
>For unsubscribe and other options, including
>the Tip Harvester and archive of TheList go to:
>http://lists.evolt.org Workers of the Web, evolt !

For unsubscribe and other options, including
the Tip Harvester and archive of TheList go to:
http://lists.evolt.org Workers of the Web, evolt !

More information about the thelist mailing list