7 Replies Latest reply on Mar 10, 2015 1:26 PM by bloodbanker

    Document folder outside of webserver




      At my facility we have access to drives that are up to a TB in size.  We have a lot of documents we plan to scan and save "online".  Currently our web servers are relatively small, the on I am on now is only 20GB and it's almost full.


      Can I upload documents through a web page to a drive that is not on the web server, and also build a page that links to those documents so that users can open them?



        • 1. Re: Document folder outside of webserver
          bloodbanker Level 1

          Is this possible?  If yes, could someone point me to some reference documents for this?  Also, if it's not possible, that would be great to hear also.


          Thank you

          • 2. Re: Document folder outside of webserver
            haxtbh Level 4

            Its not something you can natively do with out using some form of web service. For example we use Amazon S3 to store all our documents and images and use the built in S3 support in coldfusion to process them user side. This way you just pay for what you need too.

            • 3. Re: Document folder outside of webserver
              bloodbanker Level 1

              Okay, thanks.  That helps with our decision on how to progress.  We'll buy more webspace.


              As I mentioned all of the drives would be inhouse behind our firewall, I can't store these documents on Amazon.


              Surprisingly I can have a 1TB drive for free, but I need to pay (handsomely) for webspace.

              • 4. Re: Document folder outside of webserver
                Dave Ferguson Level 3

                This is totally possible without using a web service.  But it all depends on a few factors like network connectivity to storage and webserver os.  Can you explain a little about your environment and what you are running?

                • 5. Re: Document folder outside of webserver
                  bloodbanker Level 1



                  We are currently using CF9, but I will be moving the site to a CF10 server.  Please keep in mind I am not a network person, nor a CF person, nor a programmer of any sort, so my terminology is likely wrong.


                  On the CF10 server the database is on a separate MS SQL server.  Our IT department set up permissions to allow the web server to "talk" to the database server and it works fine.


                  We have shared file systems available.  I presume our IT people would also be able to let the web server talk to that drive?


                  Currently the files are stored outside of the web directory, but on the same server.  I use this file to retrieve them from a link:


                  <cfif fileexists('H:\scanned_files\#url.filename#.pdf')>

                  <cfheader name="Content-disposition" value="attachment;filename=#url.filename#.pdf">

                  <cfcontent file="H:\scanned_files\#url.filename#.pdf" deletefile="false">


                  File not found...


                  • 6. Re: Document folder outside of webserver
                    Dave Ferguson Level 3

                    First, you should't be using a url var in a file path.  This leads to directory traversal attacks.


                    Here is how you can make this work...


                    • First, make sure CF is running as a specific user.  It should be already if the lockdown guid was followed.
                    • Take the same credentials that CF is running as (user/password) and create an identical account on the server where the files are stored.
                    • Create a share on the server to the files giving the CF user read permissions
                    • Change your code to use a UNC path to get to the file.



                    <cfset fileName = url.filename>

                    <!--- validate that the filename field is in an expected format --->


                    <!--- always use forward slashes for file paths.  That way if the code moves to a linux based server you don't have to change anything. --->

                    <cfset fullPath = "//server/share/path/to/file/#filename.pdf">


                    <cfif fileexists(fullPath)>

                    <cfheader name="Content-disposition" value="attachment;filename=#fileName#.pdf">

                    <cfcontent file="#fullPath#" deletefile="false">


                    File not found...







                    • 7. Re: Document folder outside of webserver
                      bloodbanker Level 1

                      This is making me very sad, clearly I am in so far over my head I may not be able to accomplish this.


                      I simply installed CF9 on my webserver, I did not follow the 35 page lockdown guide.  I just tried, but got far too lost.


                      I know this is an ignorant thing to say, but I am not worried about security.  This is a locked down site that is behind our institutions firewall and no one has access to it besides my department.  Plus we aren't storing financial data, or world secrets.    It is working fine for us, except we are quickly running out of space.


                      I now have access to a drive (also behind our firewall), but it seems without these permissions being applied I will not be able to access the test files I have created.