Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

secure area for filedownload - ON GODADDY :(

Status
Not open for further replies.
hugstable77

hugstable77

Programmer
Apr 21, 2006
7
US
using godaddy coldfusion hosting for a project...

apache: 1.3

mysql: 4.0.24

cf: mx 7



I basically want to set up an engine to allow certain users to download zip files assigned to them... File FOO will only be allowed to be accessed by user JDOE, jdoe can access multiple files...



godaddy restrictions:

- I cannot change my directory structure

- I cannot set up a directory below the web root.

- I cannot use custom tags



My plan:

1-create a directory called PROTECTED

2-CHMOD that directory to 700 (via smart ftp -great proggie btw)

2-use my database to associate the users to there specific files.

3-set up my download engine to move selected files to a temp directory (via CFFILE), then download them to the user.



QUESTIONS:

1) Is this a good way to do this (seems like there has to be an easier way)...

2) Is the CHMOD 700 what you would recommend - I can set it to anything I like...

3) How would you do this?



Thanks in advance...

-c (4:49 PM 8/15/2006)
 
Sort by date Sort by votes
Take a look at this tutorial,


It covers the benfits of using ColdFusionMX7 based security features to secure your site.

I'd use that method to create a secure section of the site, and then use link tables in the database to accociate users with the files they have access too.

That should get you started,

Rob
 
Upvote 0 Downvote
hugstable77, is your question more on how to enable the user to login and download the file, or create and save the file on the (godaddy) server?

BTW, I'm surprised that godaddy does not allow users to use custom tags. I always thought hosting companies gave paying customers that much.

____________________________________
Just Imagine.
 
Upvote 0 Downvote
Hmm, i think the reason that they dont bother allowing custom is that with the new features in MX7 customer tags have become pretty much redundant.

I used develop apps on CF5, and i found that when i moved the app over to MX7 i found that i no longer needed any of the custom tags as features were ither inbuilt or achievable using components.

It does seem odd that they block that option.

Perhaps its difficult to give access to users for custom tags to set paths without allowing access to the admin panel.

Does seem strange though.

Rob
 
Upvote 0 Downvote
A popular custom tag is image resize, and I don't think that feature is in CF7.

Besides, hosting companies can instal the CT on the server and give permission for their users to use. Many hosting companies do that. HostMySite.com and FrontServe.com do that to name a few.

____________________________________
Just Imagine.
 
Upvote 0 Downvote
GoDaddy is the gutter trash of the web hosting world, at least in my experience with them. They try not to do anything that involves work, hense the no custom tags rule. They offer cheap services at cheap prices, and if you expect them to do anything to help you then you can just go somewhere else. They set up a working configuration of a server, and refuse to allow anything to change on it so that nothing breaks and they don't have to work.

But, then again, isn't that every web host's dream? [tongue]

hugstable77, I can assure you that if you were using any other web host you wouldn't be running into these problems.

Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
Upvote 0 Downvote
A popular custom tag is image resize, and I don't think that feature is in CF7.

not directly, but java can do it. If you know the classes to call, you can manipulate images with a statndard cfmx installation.

Kevin

Phase 1: Read the CFML Reference
Phase 2: ???
Phase 3: Profit!
 
Upvote 0 Downvote
GUJUm0deL - i guess the guts of the question is how do i set up a directory that i can download files from securely... i dont want people pulling stuff down that does not belong to them...

i came to the project late - it is for my uncles company and he set up the hosting
 
Upvote 0 Downvote
hugstable77, ask you uncle if you can change hosting companies. Tell him that godaddy restrictions are so many that the feature he wants can't be done.

Give us an example of what you'd like to do. Like how would a user download a file (are they downloading an image they paid for, a PDF they subscribe to, etc?).

imstillatwork, yeah but how many ppl actually know how to call the java class to manipulate images?

____________________________________
Just Imagine.
 
Upvote 0 Downvote
i will see what i can do... He basically had an FTP site for customers - no ecommerce involved... I am trying to recreate one with coldfusion....
 
Upvote 0 Downvote
Maybe this well help.
I found this tutorial some time ago on keeping people from leeching images from your website (via CF). It basically shows how all images are called through a .cfm page, then that pages uses cfcontent to pull the requested image from the correct directory provided that the person is authorized to view the image and not coming from another web site.

By taking this tutorial's concept, you could modify the code to have everyone go to a "verification" type page that will check the user and only allow that user's files to be downloaded. All of the users files will need to be listed in the database for each user. That way, it doesn't matter what directory the files are in, the user will call a CF page that will hunt down the appropriate files and import them into the page they are viewing.

I hope this is making sense...


Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
Upvote 0 Downvote
GUJUm0deL - just out of curiosity, what's the difference in downloading an image or pdf? Why would this matter?


Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
Upvote 0 Downvote
ECAR, no difference. I was just listing some examples. I used image and PDF as an example for a specific situation (like one-time payment for something or pay a subscription to something, etc)

hugstable, the FTP access might work because the user has their own urername/password so it would be unique. What you can also do is in the database asign the userid with the product they have rights to access/download. But of course all this depends if godaddy will allow you to have FTP access. If they don't even allow custom tags usage, i'd think FTP might also be rejected.

____________________________________
Just Imagine.
 
Upvote 0 Downvote
they allow limited ftp - was hoping to use an http solution... thanks for that tutorial - i will check it out... i will also play along with those unix permissions.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sirnose1
  • Locked
  • Question
CFIF for CFmail
Replies
0
Views
497
sirnose1
sirnose1
cohan123
  • Locked
  • Question
page layout->page size, optimal for web
Replies
0
Views
414
cohan123
cohan123
CTR
  • Locked
  • Question
ColdFusion Administrator - Secure DNS
Replies
2
Views
165
CTR
CTR
FALCONSEYE
  • Locked
  • Question
Error: no known VMs. (check for corrupt jvm.cfg file) !!! How I Fixed It !!!
Replies
0
Views
552
FALCONSEYE
FALCONSEYE
hifispin2015
  • Locked
  • Question
Creating a slect all button for A Multiple Slect HTML Form Field
Replies
1
Views
154
LyndonOHRC
LyndonOHRC

Part and Inventory Search

Sponsor

Back
Top