So i created a directory called 'secure' w/ a few pages, but how do sites usually make it so that users cant access a secure directory by typing in the directory in the address bar without logging in?
My thought was to include a piece of code like the following at the top of every page in that secure directory, so that none of the pages load since the session variable has not been switched to 'yes':
<cfif session.loggedin EQ "no">
<cfabort> (or use a cflocation to redirect to the login page outside the 'secure' directory)
</cfif>
Any thoughts? Im new to doing logins w/ CF...
Full Version: logins w CF?
If your "secure" folder is web accessible, then ColdFusion will not be able to do the job alone. You will need to put server controls on the folder - at the OS or web server level.
For instance, if you have yourfile.pdf in the "secure" folder, then ColdFusion will only be able to prevent ColdFusion pages from referencing the document. This would be the same for ASP, PHP, etc. But if you are hosted on a windows server (for instance) then you can set folder permissions to deny access to the folder. Then use ColdFusion to pull the content by way of the operating system (using cffile).
Does that help or would you like more information?
For instance, if you have yourfile.pdf in the "secure" folder, then ColdFusion will only be able to prevent ColdFusion pages from referencing the document. This would be the same for ASP, PHP, etc. But if you are hosted on a windows server (for instance) then you can set folder permissions to deny access to the folder. Then use ColdFusion to pull the content by way of the operating system (using cffile).
Does that help or would you like more information?
ohh ok. that makes sense. so basically i can only prevent CF pages from being accessed. what does cffile do?
QUOTE (Skemcin @ Nov 30 2008, 02:00 PM) 
If your "secure" folder is web accessible, then ColdFusion will not be able to do the job alone. You will need to put server controls on the folder - at the OS or web server level.
For instance, if you have yourfile.pdf in the "secure" folder, then ColdFusion will only be able to prevent ColdFusion pages from referencing the document. This would be the same for ASP, PHP, etc. But if you are hosted on a windows server (for instance) then you can set folder permissions to deny access to the folder. Then use ColdFusion to pull the content by way of the operating system (using cffile).
Does that help or would you like more information?
For instance, if you have yourfile.pdf in the "secure" folder, then ColdFusion will only be able to prevent ColdFusion pages from referencing the document. This would be the same for ASP, PHP, etc. But if you are hosted on a windows server (for instance) then you can set folder permissions to deny access to the folder. Then use ColdFusion to pull the content by way of the operating system (using cffile).
Does that help or would you like more information?
Correct.
<cffile> will allow you to access a file on the server that is otherwise not accessible from a URL.
For instance, lets say you are on a windows server, your website might be phyisically located at d:\inetpub\wwwroot\yourdomain\ which means that everything in that folder would literally be accessible via http://www.yourdomain.com/.
But, if you had files in d:\my documents\yourdomain\ then you would not be able to access them from your web address but you could use <cffile> to get the files, pull the file contents into a variable, then output the variable to the client with the respective MIME type (pdf, doc, ppt, etc.)
Lets say you are limited to d:\inetpub\wwwroot\yourdomain\ and only that. You could make d:\inetpub\wwwroot\yourdomain\downloads\ and put server site folder security on it. This would mean that only people who know the username/password you set could access the file using the web - but you coudl still use <cffile> to get the file the same way I describe.
Does that help?
<cffile> will allow you to access a file on the server that is otherwise not accessible from a URL.
For instance, lets say you are on a windows server, your website might be phyisically located at d:\inetpub\wwwroot\yourdomain\ which means that everything in that folder would literally be accessible via http://www.yourdomain.com/.
But, if you had files in d:\my documents\yourdomain\ then you would not be able to access them from your web address but you could use <cffile> to get the files, pull the file contents into a variable, then output the variable to the client with the respective MIME type (pdf, doc, ppt, etc.)
Lets say you are limited to d:\inetpub\wwwroot\yourdomain\ and only that. You could make d:\inetpub\wwwroot\yourdomain\downloads\ and put server site folder security on it. This would mean that only people who know the username/password you set could access the file using the web - but you coudl still use <cffile> to get the file the same way I describe.
Does that help?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.