[thelist] CF: Cloaking directories for file downloads?

Judah McAuley judah at wiredotter.com
Fri Jul 21 12:56:54 CDT 2006

Store the file in a non-web accessible directory. For each unique url, 
store the random number, file name and account info in a db table. Have 
the url be parsed as a forward slash delimited list to get the number 
and filename out as variables. Then check the session id, number in the 
url and file name against the db table. If it matches, use CFContent to 
grab the file and send it back to the browser with the proper mime type. 
Then mark the file in the db as having been downloaded (if it's a one 
time download).

If you have any questions on the particulars of that process, feel free 
to email me.


Frank wrote:
> I saw that a sofware vendor had used a scheme like this in order for the 
> user to download a file, but that the URL was good for only one time
> http://www.domain.com/RaNdOmNuMbEr/filename.exe
> I'm currently implementing a PayPal/file download solution, and I'd like to 
> be able to do something like this. Other than creating a new directory, 
> copying the file over, downloading it then deleting the file, then 
> directory per transaction, can someone suggest how I might do this?
> The idea is to have be able to hide the true location of a file so that the 
> user doesn't start distributing the URL among all of their friends. It's 
> just a simple security measure.
> Suggestions, anyone?
> Frank Marion     lists at frankmarion.com      Keep the signal high.

More information about the thelist mailing list