Protecting non ColdFusion files with ColdFusion

We have to protect an entire directory and it's subdirectories with CF. We'd like to use CF to process our logins.. but can't have people directly linking to JPGs and MPGs etc under neath.. since CF can't really protect these individual files unless called through a CFM page, we've run into a problem. How can we accomplish this?  We DO own a copy of AuthentiX and unfortunately CFContent is not a viable solution.  This site will have upwards of 12,000 simultaneous users and CFContent has too much overheard. Thank you! JLH

Are you using apache? You could probably use CF to write an .htaccess file...   -- jon ------------- jon roig senior manager, online production epilepsy foundation phone: 215.850.0710 site:  http://www.epilepsyfoundation.org email: jroig@efa.org We have to protect an entire directory and it's subdirectories with CF. We'd like to use CF to process our logins.. but can't have people directly linking to JPGs and MPGs etc under neath.. since CF can't really protect these individual files unless called through a CFM page, we've run into a problem. How can we accomplish this?  We DO own a copy of AuthentiX and unfortunately CFContent is not a viable solution.  This site will have upwards of 12,000 simultaneous users and CFContent has too much overheard. Thank you! JLH

Actually we are using IIS. But..... we may be able to use Apache.. nothing is set in stone yet... How would we go about doing the HTAccess.....? J ----- Excess quoted text cut - see Original Post for more ----- unfortunately ----- Excess quoted text cut - see Original Post for more -----

Check out this tutorial... This will give you an idea on how do set one up, then you should be able to go from there ans how to get CF to write it... http://faq.clever.net/htaccess.htm Mike Actually we are using IIS. But..... we may be able to use Apache.. nothing is set in stone yet... How would we go about doing the HTAccess.....? J ----- Excess quoted text cut - see Original Post for more ----- unfortunately ----- Excess quoted text cut - see Original Post for more -----

Got it. Any ideas on how else to do it in IIS and CF? I wish IIS had an authent scheme to look for my cookie and it's content and see that's it there, so let them have access. That'd be nice. J > Check out this tutorial... > This will give you an idea on how do set one up, then you should be able to go from there ans how to get CF to write it... ----- Excess quoted text cut - see Original Post for more ----- directly > > linking to JPGs and MPGs etc under neath.. since CF can't really protect > > these individual files unless called through a CFM page, we've run into a ----- Excess quoted text cut - see Original Post for more ----- 12,000 ----- Excess quoted text cut - see Original Post for more -----

AuthentiX... used it before.. How do you go about tracking who downloaded what and how many times etc? AuthentiX is built with an ISAPI filter that overrides Windows NT security model..(Challenge/Response) and creates an Authenticated user, (CGI.Auth_User) gets populated. The other disadvantage... is the session doesnt time out until the use closes his browser. I would still advice CFCONTENT and possibly secure the files somewhere other than wwwroot.. without public access and use CFContent to deliver the files. I am not sure... about the overhead...havent seen anybody mention it. Joe Certified Advanced ColdFusion Developer BJoebox@earthlink.net We have to protect an entire directory and it's subdirectories with CF. We'd like to use CF to process our logins.. but can't have people directly linking to JPGs and MPGs etc under neath.. since CF can't really protect these individual files unless called through a CFM page, we've run into a problem. How can we accomplish this?  We DO own a copy of AuthentiX and unfortunately CFContent is not a viable solution.  This site will have upwards of 12,000 simultaneous users and CFContent has too much overheard. Thank you! JLH

iAuth can do this.  We have versions for IIS and Website. More info and a 60-day demo are on our web site. HTH, -- Howie Hamlin - inFusion Project Manager On-Line Data Solutions, Inc. - www.CoolFusion.com  - 631-737-4668 x101 inFusion Mail Server (iMS) - The Award-winning, Intelligent Mail Server ----- Excess quoted text cut - see Original Post for more -----

Usually do not do this, but going to plug iAuth. (Sorry Mike, had to.) We bought it about two months ago for 5 servers because people were linking to the .mov files bypassing CF or HTML.  Cost is a lot of money because of the burstable bandwidth. Purchased iAuth and it killed everybody cheating us.  And with burstable DS3s, the price for iAuth was worth it. Thanks for a great product... At 03:55 PM 7/16/2002 -0400, you wrote: ----- Excess quoted text cut - see Original Post for more -----

I'll take a look at it. Thank You, J ----- Excess quoted text cut - see Original Post for more ----- http://www.coolfusion.com/imssecomparison.cfm > > > We have to protect an entire directory and it's subdirectories with CF. > > We'd like to use CF to process our logins.. but can't have people directly > > linking to JPGs and MPGs etc under neath.. since CF can't really protect > > these individual files unless called through a CFM page, we've run into a > > problem. > > > > How can we accomplish this?  We DO own a copy of AuthentiX and unfortunately > > CFContent is not a viable solution.  This site will have upwards of 12,000 ----- Excess quoted text cut - see Original Post for more -----

If you have any questions please feel free to send me an emaqil directly. Regards, Howie > I'll take a look at it. > > Thank You, > > J