Question : Using cfheader and cfcontent to obfuscate download path.

I have inherited a file repository application that I'd like to secure a bit.

Currently, when a user wants to download a file, the path to the file is exposed in the URL.

I should note that we are in a shared hosting environment, and no space outside the web root.

In any case, after doing a bit of reading, I thought I'd be able to use something like:

<a href="get_file.cfm?#urlEncodedFormat(CFusion_Encrypt(myPath, myKey))#">

Where myPath is the relative path to the file from the calling page.

Get_file.cfm code is below which fails with a 404 to the ENCRYPTED URL, even though I can dump vars to confirm I'm getting the decoded/decrypted path and file info.

What am I doing wrong?

<cfset ePath = CGI.QUERY_STRING />
<cfset oPath = URLDecode(CFusion_Decrypt(ePath, Session.UserName)) />

<cfset f = Right(oPath, Len(oPath) - Find("/", oPath, Find("/", oPath) + 1)) />

<cfheader name="Content-Disposition" value="attachment; filename=#f#" />
<cfcontent type="application/unknown" file="#oPath#" />

Answer : Using cfheader and cfcontent to obfuscate download path.

If you can Link the folder, then you can use a MakeTable query to localize that. For example, if I Link an Outlook folder named "MyOutLookFolder", and I then want to make that into a permanant, local table, I can do this:

Currentdb.Execute "SELECT * INTO MyNewTable FROM MyOutLookFolder"
Random Solutions  
programming4us programming4us