Easy one I think, just not sure how to implement.

I have a login area for our distributors on our site. Within this section there are sensitive documents (price lists, etc.) available for download.

I have a documents.cfm page with all the relevant links to the documents.

At the top of my documents.cfm page I have code that verifies that the user has logged in. This would prevent "general" users from accessing the page.

<cfif isdefined("client.access") AND client.access EQ "YES">
    <cfset client.timeout = now() + CreateTimeSpan(0, 0, 30, 0)>
<cfelse>
    <!--- User hasn't logged in, throw them out --->
    <cf_tags_location url="#client.URL#/logout.cfm" addtoken="no">
</cfif>

My question is that, in theory, if a user knew the direct URL of the Excel document, they could type it in and get around my security, e.g. http://www.mysite.com/documents/pricelist.xls

How could I stop this without putting file permissions on my web server folder? Would I have to set up some type of check in my application.cfm page
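
An added example, not part of the original post: one common way to close the direct-URL gap described above is to keep the documents outside the web root and stream them through a .cfm page that repeats the login check (a check in application.cfm only runs for requests that ColdFusion handles, which a direct request for an .xls file normally is not). The page name download.cfm, the folder D:\secure_docs\ and the allowlist contents are assumptions made for illustration.

```cfml
<!--- download.cfm (hypothetical name): the only route to the documents. --->
<!--- Assumption: the files were moved to a folder that is NOT under the web root, --->
<!--- so a URL such as /documents/pricelist.xls no longer resolves to anything. --->
<cfset docRoot = "D:\secure_docs\">

<!--- Allowlist of downloadable files and their MIME types (constructed sample). --->
<cfset allowed = StructNew()>
<cfset allowed["pricelist.xls"] = "application/vnd.ms-excel">

<!--- Same login test as documents.cfm; cflocation stops processing after redirecting. --->
<cfif NOT (IsDefined("client.access") AND client.access EQ "YES")>
    <cflocation url="#client.URL#/logout.cfm" addtoken="no">
</cfif>

<!--- Requested name arrives as download.cfm?file=pricelist.xls --->
<cfparam name="url.file" default="">

<!--- Drop any directory part so ../ sequences cannot point outside docRoot. --->
<cfset fileName = GetFileFromPath(url.file)>

<!--- Serve only names on the allowlist that actually exist on disk. --->
<cfif NOT StructKeyExists(allowed, fileName) OR NOT FileExists(docRoot & fileName)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- Stream the file to the browser as a download. --->
<cfheader name="Content-Disposition" value="attachment; filename=#fileName#">
<cfcontent type="#allowed[fileName]#" file="#docRoot##fileName#" deletefile="no">
```

The links on documents.cfm would then point at download.cfm?file=pricelist.xls instead of the file itself.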