Only leave the index.cfm scripts in web accessible directories. Move all your other scripts into inaccessible directories. Remember, <cfinclude> can include a file that isn't web accessible.

Matt Liotta
President & CEO
Montara Software, Inc.
http://www.montarasoftware.com/
V: 415-577-8070
F: 415-341-8906
P: 4155778070 at messaging.sprintpcs.com

> -----Original Message-----
> From: thelist-admin at lists.evolt.org [mailto:thelist-admin at lists.evolt.org]
> On Behalf Of Frank
> Sent: Sunday, July 28, 2002 9:50 AM
> To: thelist at lists.evolt.org
> Subject: [thelist] CF: Security Question
>
> Hi all,
>
> Question about security and Cold Fusion. Here are the circumstances:
>
> All directories have an index.cfm that handles URL/ request.
>
> Protected segments are protected using Session vars, run from the
> Application file.
>
> Protected subsections have their own security.
>
> All action files, such as inserts, deletes and updates require a number of
> specific values to run. (No using IsDefined() here).
>
> Now, how can I prevent someone from accessing a component file of one of my
> fuses through a direct URL (who knows how they figure it out, I just want to
> handle it in case they do).
>
> Is there a way of preventing access to any document other than index.cfm
> from the user while allowing Cold Fusion full access to all it needs?
> Especially: Is there a way short of putting some redirect header in each
> and every single document that I've created?
>
> Thanks
>
> --
> This message and any attachment it may have has been found free of viruses
> before sending. Viral contagion is on the rise and Microsoft systems are
> particularly vulnerable. Our responsibility as good Internet citizens is to
> ensure that we prevent transmitting viruses by keeping our own machine safe.
> Please see the following article:
>
> http://www.frankmarion.com/VirusPrimer.html
>
> Frank Marion
> framar at interlog.com
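
Added example, not part of the original thread and not code from either poster: a sketch of the layout the reply describes, with index.cfm as the only template in the web root and every other template pulled in by <cfinclude> from a directory outside it. The mapping name "/private_fuses", the URL parameter "fuseaction" and the file names are assumptions made for illustration; the allowlist goes one step beyond the reply so that a request value is never used as a file path.

```cfml
<!--- index.cfm: the only template left inside the web root (added example).
      Assumes a ColdFusion mapping "/private_fuses" (hypothetical name) that
      points to a directory outside the web root, so the web server cannot
      serve anything in it by URL. --->

<!--- Default action when the request does not name one. --->
<cfparam name="URL.fuseaction" default="home">

<!--- Allowlist: request value -> template file (hypothetical file names).
      The URL value is only ever used as a lookup key, never as part of
      a path, so it cannot steer the include to another file. --->
<cfset fuses = StructNew()>
<cfset fuses["home"]   = "dsp_home.cfm">
<cfset fuses["insert"] = "act_insert.cfm">
<cfset fuses["update"] = "act_update.cfm">
<cfset fuses["delete"] = "act_delete.cfm">

<cfif StructKeyExists(fuses, URL.fuseaction)>
  <!--- ColdFusion reads the file from disk through the mapping; the
        session checks in the Application file have already run because
        the request entered through index.cfm. --->
  <cfinclude template="/private_fuses/#fuses[URL.fuseaction]#">
<cfelse>
  <!--- Unknown action: answer 404 and stop, without echoing the value. --->
  <cfheader statuscode="404" statustext="Not Found">
  <cfabort>
</cfif>
```

With this layout a direct request for an action template fails at the web server because the file is not under the document root, so no per-file redirect header is needed.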