Is this possible? If yes, could someone point me to some reference documents for this? Also, if it's not possible, that would be great to hear also.
Its not something you can natively do with out using some form of web service. For example we use Amazon S3 to store all our documents and images and use the built in S3 support in coldfusion to process them user side. This way you just pay for what you need too.
Okay, thanks. That helps with our decision on how to progress. We'll buy more webspace.
As I mentioned all of the drives would be inhouse behind our firewall, I can't store these documents on Amazon.
Surprisingly I can have a 1TB drive for free, but I need to pay (handsomely) for webspace.
This is totally possible without using a web service. But it all depends on a few factors like network connectivity to storage and webserver os. Can you explain a little about your environment and what you are running?
We are currently using CF9, but I will be moving the site to a CF10 server. Please keep in mind I am not a network person, nor a CF person, nor a programmer of any sort, so my terminology is likely wrong.
On the CF10 server the database is on a separate MS SQL server. Our IT department set up permissions to allow the web server to "talk" to the database server and it works fine.
We have shared file systems available. I presume our IT people would also be able to let the web server talk to that drive?
Currently the files are stored outside of the web directory, but on the same server. I use this file to retrieve them from a link:
<cfheader name="Content-disposition" value="attachment;filename=#url.filename#.pdf">
<cfcontent file="H:\scanned_files\#url.filename#.pdf" deletefile="false">
File not found...
First, you should't be using a url var in a file path. This leads to directory traversal attacks.
Here is how you can make this work...
- First, make sure CF is running as a specific user. It should be already if the lockdown guid was followed.
- Take the same credentials that CF is running as (user/password) and create an identical account on the server where the files are stored.
- Create a share on the server to the files giving the CF user read permissions
- Change your code to use a UNC path to get to the file.
<cfset fileName = url.filename>
<!--- validate that the filename field is in an expected format --->
<!--- always use forward slashes for file paths. That way if the code moves to a linux based server you don't have to change anything. --->
<cfset fullPath = "//server/share/path/to/file/#filename.pdf">
<cfheader name="Content-disposition" value="attachment;filename=#fileName#.pdf">
<cfcontent file="#fullPath#" deletefile="false">
File not found...
This is making me very sad, clearly I am in so far over my head I may not be able to accomplish this.
I simply installed CF9 on my webserver, I did not follow the 35 page lockdown guide. I just tried, but got far too lost.
I know this is an ignorant thing to say, but I am not worried about security. This is a locked down site that is behind our institutions firewall and no one has access to it besides my department. Plus we aren't storing financial data, or world secrets. It is working fine for us, except we are quickly running out of space.
I now have access to a drive (also behind our firewall), but it seems without these permissions being applied I will not be able to access the test files I have created.