Secured documents

Report · Aug 29, 2006

I have a secured section of a web site (username and password required). If you go to a page inside the secured area without logging in, it will put you at the log in page. Inside the secured area there is a template that displays several documents that can be downloaded (.pdfs). The download part works. BUT if you copy and paste the URL to the .pdf into an email, the recipient of the e-mail can click on that URL and download the document.

How do I protect my documents from unwanted eyes?

Thanks.

Report · Aug 29, 2006

You need the URL to be one of your CFMs, not a PDF. You have control of the
CFM. The same is not true of the PDFs.

In your CFM, try CFfile, CFcontent and possibly CFheader to read and
download the file. Forta's WACK helped me.

-brian

"gfcat" <webforumsuser@macromedia.com> wrote in message
news:ed1ibn$ig9$1@forums.macromedia.com...
>I have a secured section of a web site (username and password required). If
>you
> go to a page inside the secured area without logging in, it will put you
> at the
> log in page. Inside the secured area there is a template that displays
> several
> documents that can be downloaded (.pdfs). The download part works.
> BUT
> if you copy and paste the URL to the .pdf into an email, the recipient of
> the
> e-mail can click on that URL and download the document.
>
> How do I protect my documents from unwanted eyes?
>
> Thanks.
>

Report · Aug 29, 2006

Brian:

Thanks. Can you tell me more and/or give me an example of code?

Thanks.

Report · Aug 29, 2006

How about?

<cfheader name="Content-Disposition" value="filename=YourFileOnServer">
<cfcontent file="YourFileonClient" deletefile="no">

I do not want the client to know my (server) filename, so I use the two tags
to give the client a different filename. It may be overkill, but I wanted as
few security holes as possible. You may not need the optional MIMETYPE
parameter that I used

As I said, if you look up these tags in the documentation, you should be
almost there.

Once you get the above working, you are ready for the next layer of
complexity. I could not use session variables since the preceding page has
several "documents." I was forced to use GET variables. I used the encrypt
and decrypt CF tags. Encrypting on the filename on the preceding page.
Decrypting the filename on the page with the CFheader and CFcontent code.
You may not need my next step since each of your CFM page should have some
security code ... which some consider overkill.

hth

-brian

"gfcat" <webforumsuser@macromedia.com> wrote in message
news:ed1t4c$2fq$1@forums.macromedia.com...
> Brian:
>
> Thanks. Can you tell me more and/or give me an example of code?
>
> Thanks.

Adobe Community

Secured documents