3 Replies Latest reply on Aug 29, 2006 11:35 AM by Newsgroup_User

    Secured documents

    gfcat
      I have a secured section of a web site (username and password required). If you go to a page inside the secured area without logging in, it will put you at the log in page. Inside the secured area there is a template that displays several documents that can be downloaded (.pdfs). The download part works. BUT if you copy and paste the URL to the .pdf into an email, the recipient of the e-mail can click on that URL and download the document.

      How do I protect my documents from unwanted eyes?

      Thanks.
        • 1. Re: Secured documents
          Level 7
          You need the URL to be one of your CFMs, not a PDF. You have control of the
          CFM. The same is not true of the PDFs.

          In your CFM, try CFfile, CFcontent and possibly CFheader to read and
          download the file. Forta's WACK helped me.

          -brian

          "gfcat" <webforumsuser@macromedia.com> wrote in message
          news:ed1ibn$ig9$1@forums.macromedia.com...
          >I have a secured section of a web site (username and password required). If
          >you
          > go to a page inside the secured area without logging in, it will put you
          > at the
          > log in page. Inside the secured area there is a template that displays
          > several
          > documents that can be downloaded (.pdfs). The download part works.
          > BUT
          > if you copy and paste the URL to the .pdf into an email, the recipient of
          > the
          > e-mail can click on that URL and download the document.
          >
          > How do I protect my documents from unwanted eyes?
          >
          > Thanks.
          >


          • 2. Re: Secured documents
            gfcat Level 1
            Brian:

            Thanks. Can you tell me more and/or give me an example of code?

            Thanks.
            • 3. Re: Secured documents
              Level 7
              How about?

              <cfheader name="Content-Disposition" value="filename=YourFileOnServer">
              <cfcontent file="YourFileonClient" deletefile="no">

              I do not want the client to know my (server) filename, so I use the two tags
              to give the client a different filename. It may be overkill, but I wanted as
              few security holes as possible. You may not need the optional MIMETYPE
              parameter that I used

              As I said, if you look up these tags in the documentation, you should be
              almost there.

              Once you get the above working, you are ready for the next layer of
              complexity. I could not use session variables since the preceding page has
              several "documents." I was forced to use GET variables. I used the encrypt
              and decrypt CF tags. Encrypting on the filename on the preceding page.
              Decrypting the filename on the page with the CFheader and CFcontent code.
              You may not need my next step since each of your CFM page should have some
              security code ... which some consider overkill.

              hth

              -brian

              "gfcat" <webforumsuser@macromedia.com> wrote in message
              news:ed1t4c$2fq$1@forums.macromedia.com...
              > Brian:
              >
              > Thanks. Can you tell me more and/or give me an example of code?
              >
              > Thanks.